A brief analysis of how to filter HTML strings in PHP and prevent SQL injection

Home

Backend Development

PHP Tutorial

A brief analysis of how to filter HTML strings in PHP and prevent SQL injection_PHP Tutorial

Jul 21, 2016 pm 03:01 PM

get html php post sql code copy string batch sensitive data method injection of filter prevent

Batch filter posts, get sensitive data

Copy code The code is as follows:

$_GET = stripslashes_array( $_GET);
$_POST = stripslashes_array($_POST);

Data filter function

Copy code The code is as follows:

function stripslashes_array(&$array) {
 while(list($key,$var) = each($array)) {
 if ( $key != 'argc' && $key != 'argv' && (strtoupper($key) != $key || ''.intval($key) == "$key")) {
 if ( is_string($var)) {
 $array[$key] = stripslashes($var);
 }
 if (is_array($var)) {
 $array[$key] = stripslashes_array ($var);
 }
 }
 }
 return $array; 
}

Replace HTML tail tag to serve filtering

Copy code The code is as follows:

function lib_replace_end_tag($str)
{
 if (empty( $str)) return false;
 $str = htmlspecialchars($str);
 $str = str_replace( '/', "", $str);
 $str = str_replace("\", "", $str);
 $str = str_replace(">", "", $str);
 $str = str_replace("<", "", $str);
 $str = str_replace("<SCRIPT>", "", $str);
 $str = str_replace("</SCRIPT>", "", $str);
 $str = str_replace( "<script>", "", $str);
 $str = str_replace("</script>", "", $str);
 $str=str_replace("select"," select",$str);
 $str=str_replace("join","join",$str);
 $str=str_replace("union","union",$str);
 $str=str_replace("where","where",$str);
 $str=str_replace("insert","insert",$str);
 $str=str_replace("delete"," delete",$str);
 $str=str_replace("update","update",$str);
 $str=str_replace("like","like",$str);
 $str=str_replace("drop","drop",$str);
 $str=str_replace("create","create",$str);
 $str=str_replace("modify"," modify",$str);
 $str=str_replace("rename","rename",$str);
 $str=str_replace("alter","alter",$str);
 $str=str_replace("cas","cast",$str);
 $str=str_replace("&","&",$str);
 $str=str_replace(">", ">",$str);
 $str=str_replace("<","<",$str);
 $str=str_replace(" ",chr(32),$str) ;
 $str=str_replace(" ",chr(9),$str);
 $str=str_replace(" ",chr(9),$str);
 $str=str_replace(" &",chr(34),$str);
 $str=str_replace("'",chr(39),$str);
 $str=str_replace("<br />", chr(13),$str);
 $str=str_replace("''","'",$str);
 $str=str_replace("css","'",$str); 
 $str=str_replace("CSS","'",$str); 
 return $str; 
}

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn