A brief analysis of php filtering html strings to prevent SQL injection

不言
Release: 2023-03-24 08:28:02
Original
2163 people have browsed it

这篇文章主要介绍了浅析php过滤html字符串,防止SQL注入,有着一定的参考价值,现在分享给大家,有需要的朋友可以参考一下

http://www.mb5u.com/biancheng/php/php_98728.html


本篇文章是对PHP中字符串编码转换的实现代码进行了详细的分析介绍,需要的朋友参考下 复制代码 代码如下: /** * 对数据进行编码转换 * @param array/string $data 数组 * @param string $output 转换后的编码 */ function array_iconv($data,$output = 'utf-8') { $enco本篇文章是对php中过滤html字符串,防止SQL注入的方法进行了详细的分析介绍,需要的朋友参考下 

批量过滤post,get敏感数据

复制代码 代码如下:

$_GET = stripslashes_array($_GET);
$_POST = stripslashes_array($_POST);
Copy after login

数据过滤函数

复制代码 代码如下:

function stripslashes_array(&$array) {
 while(list($key,$var) = each($array)) {
  if ($key != 'argc' && $key != 'argv' && (strtoupper($key) != $key || ''.intval($key) == "$key")) {
   if (is_string($var)) {
    $array[$key] = stripslashes($var);
   }
   if (is_array($var))  {
    $array[$key] = stripslashes_array($var);
   }
  }
 }
 return $array; 
}
Copy after login


替换HTML尾标签,为过滤服务

复制代码 代码如下:

function lib_replace_end_tag($str)
{
 if (empty($str)) return false;
 $str = htmlspecialchars($str);
 $str = str_replace( '/', "", $str);
 $str = str_replace("\\", "", $str);
 $str = str_replace(">", "", $str);
 $str = str_replace("<", "", $str);
 $str = str_replace("<SCRIPT>", "", $str);
 $str = str_replace("</SCRIPT>", "", $str);
 $str = str_replace("<script>", "", $str);
 $str = str_replace("</script>", "", $str);
 $str=str_replace("select","select",$str);
 $str=str_replace("join","join",$str);
 $str=str_replace("union","union",$str);
 $str=str_replace("where","where",$str);
 $str=str_replace("insert","insert",$str);
 $str=str_replace("delete","delete",$str);
 $str=str_replace("update","update",$str);
 $str=str_replace("like","like",$str);
 $str=str_replace("drop","drop",$str);
 $str=str_replace("create","create",$str);
 $str=str_replace("modify","modify",$str);
 $str=str_replace("rename","rename",$str);
 $str=str_replace("alter","alter",$str);
 $str=str_replace("cas","cast",$str);
 $str=str_replace("&","&",$str);
 $str=str_replace(">",">",$str);
 $str=str_replace("<","<",$str);
 $str=str_replace(" ",chr(32),$str);
 $str=str_replace(" ",chr(9),$str);
 $str=str_replace("    ",chr(9),$str);
 $str=str_replace("&",chr(34),$str);
 $str=str_replace("&#39;",chr(39),$str);
 $str=str_replace("<br />",chr(13),$str);
 $str=str_replace("&#39;&#39;","&#39;",$str);
 $str=str_replace("css","&#39;",$str);
 $str=str_replace("CSS","&#39;",$str); 
 return $str;  
}
Copy after login

分享:服务器变量 $_SERVER 的深入解析
服务器变量 $_SERVER 的深入解析: 1、$_SESSION['PHP_SELF'] -- 获取当前正在执行脚本的文件名 2、$_SERVER['SERVER_PROTOCOL'] -- 请求页面时通信协议的名称和版本。例如,HTTP/1.0。 3、$_SERVER['REQUEST_TIME'] -- 请求开始时的时间戳。从 PHP 5.1.0 起有效。和ti

相关推荐:

详细介绍PHP过滤常见html标签的正则表达式


The above is the detailed content of A brief analysis of php filtering html strings to prevent SQL injection. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template