]*?)>/isU", "/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU""/> ]*?)>/isU", "/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU"">

Home  >  Article  >  Backend Development  >  PHP anti-XSS anti-SQL injection code

PHP anti-XSS anti-SQL injection code

伊谢尔伦
伊谢尔伦Original
2016-12-01 09:48:021355browse

function gjj($str)
{
    $farr = array(
        "/\\s+/",
        "/<(\\/?)(script|i?frame|style|html|body|title|link|meta|object|\\?|\\%)([^>]*?)>/isU",
        "/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU",
    );
    $str = preg_replace($farr,"",$str);
    return addslashes($str);
}
 
function hg_input_bb($array)
{
    if (is_array($array))
    {
        foreach($array AS $k => $v)
        {
            $array[$k] = hg_input_bb($v);
        }
    }
    else
    {
        $array = gjj($array);
    }
    return $array;
}
$_REQUEST = hg_input_bb($_REQUEST);
$_GET = hg_input_bb($_GET);
$_POST = hg_input_bb($_POST);


Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn