php通用全局安全过滤xss & 防注入

PHP中文网

Release： 2016-05-23 16:40:20

Original

1332 people have browsed it

php代码

<?php
//php防注入和XSS攻击通用过滤.  
//by qq:831937
$_GET		&& SafeFilter($_GET);
$_POST		&& SafeFilter($_POST);
$_COOKIE	&& SafeFilter($_COOKIE);
 
function SafeFilter (&$arr) 
{   
      if (is_array($arr))
     {
          foreach ($arr as $key => $value) 
          {
               if (!is_array($value))
               {
                    if (!get_magic_quotes_gpc())	//不对magic_quotes_gpc转义过的字符使用addslashes(),避免双重转义。
                    {
                         $value    = addslashes($value);	//给单引号（&#39;）、双引号（"）、反斜线（\）与 NUL（NULL 字符）加上反斜线转义
                    }
                    $arr[$key]         = htmlspecialchars($value,ENT_QUOTES);	//&,",&#39;,> ,< 转为html实体 &amp;,&quot;&#039;,&gt;,&lt;

               }
               else
               {
                    SafeFilter($arr[$key]);
               }
          }
     }
}
?>

Copy after login

Related labels：

php通用全局安全过滤xss & 防注入

source：php.cn

Previous article：array_keys:返回数组中符合条件的键,组成为一个新的数组 Next article：获取地址栏传递的参数

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn