The following is a program code to prevent php pages from injecting sql. Friends in need can refer to it.
The following code implements filtering PHP’s $_GET and $_POST parameters
The code is as follows
| 代码如下 |
复制代码 |
|
/**
* 安全防范
*/
function Add_S($array)
{
foreach($array as $key=>$value)
{
if(!is_array($value))
{
$value = get_magic_quotes_gpc()?$value:addslashes($value);
$array[$key]=filterHtml($value);
}
Else
{
Add_S($array[$key]);
}
}
return $array;
}
function glstr($var) {
if (is_array($var)) {
return Add_S($var);
}
elseif(strlen($var)){
$var = get_magic_quotes_gpc()?$var:addslashes($var);
$var = filterHtml($var);
}
return $var;
}
function filterHtml($html)
{
$farr = array(
"/]*?)>/eis",
"/<(/?)(html|body|head|link|meta|base|input)([^>]*?)>/eis",
"/<(script|i?frame|style|title|form)(.*?)/eis",
"/(<[^>]*?s+)on[a-z]+s*?=("|')([^2]*)2([^>]*?>)/isU",//过滤javascript的on事件
"/s+/",//过滤多余的空白
);
$tarr = array(
"",
"",
"",
"14",
" ",
);
$html = preg_replace( $farr,$tarr,$html);
return $html;
}
if (sizeof($_GET)) {
foreach($_GET as $key => $value) {
$_GET[$key] = glstr($value); //
}
}
if (sizeof($_POST)) {
foreach($_POST as $key => $value) {
$_POST[$key] = glstr($value); //
}
}
|
|
Copy code |
|
|
/**
* Safety precautions
*/
function Add_S($array)
{
foreach($array as $key=>$value)
{
if(!is_array($value))
{
$value = get_magic_quotes_gpc()?$value:addslashes($value);
$array[$key]=filterHtml($value);
}
Else
{
Add_S($array[$key]);
}
}
return $array;
}
function glstr($var) {
if (is_array($var)) {
return Add_S($var);
}
elseif(strlen($var)){
$var = get_magic_quotes_gpc()?$var:addslashes($var);
$var = filterHtml($var);
}
return $var;
}
function filterHtml($html)
{
$farr = array(
"/]*?)>/eis",
"/<(/?)(html|body|head|link|meta|base|input)([^>]*?)>/eis",
"/<(script|i?frame|style|title|form)(.*?)/eis",
"/(<[^>]*?s+)on[a-z]+s*?=("|')([^2]*)2([^>]*?>)/isU" ,//Filter the on event of javascript
"/s+/",//Filter excess whitespace
);
$tarr = array(
"",
"",
"",
"14",
" ",
);
$html = preg_replace( $farr,$tarr,$html);
return $html;
}
if (sizeof($_GET)) {
foreach($_GET as $key => $value) {
$_GET[$key] = glstr($value); //
}
}
if (sizeof($_POST)) {
foreach($_POST as $key => $value) {
$_POST[$key] = glstr($value); //
}
}
http://www.bkjia.com/PHPjc/629648.htmltruehttp: //www.bkjia.com/PHPjc/629648.htmlTechArticleThe following is a program code to prevent php pages from injecting sql. Friends in need can refer to it. The following code implements filtering php's $_GET and $_POST parameters. The code is as follows. Copy code /** * Security...
How to open php file
The difference between get and post
The difference between get request and post request
How to remove the first few elements of an array in php
What to do if php deserialization fails
What are the data analysis tools?
How to connect php to mssql database
How to connect php to mssql database
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
