php中html字符串过滤函数详解 -php手册-php.cn

Home

php教程

php手册

php中html字符串过滤函数详解

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

May 25, 2016 pm 04:49 PM

select sql injection

在php中过滤html字符串的方法有很多，如果我们使用系统自带的可能不适合于提交表单类数据了，如果用自定的相对会好处理一些，下面我介绍了一些方法大家可参考参考。

自定义的一个函数

<?php
function StripHTML($string) {
    $pattern = array(
        "&#39;<script[^>]*?>.*?</script>&#39;si",
        "&#39;<style[^>]*?>.*?</style>&#39;si",
        "&#39;<[/!]*?[^<>]*?>&#39;si",
        "&#39;([rn])[s]+&#39;",
        "&#39;&(quot|#34);&#39;i",
        "&#39;&(amp|#38);&#39;i",
        "&#39;&(lt|#60);&#39;i",
        "&#39;&(gt|#62);&#39;i",
        "&#39;&(nbsp|#160);&#39;i",
        "&#39;&(iexcl|#161);&#39;i",
        "&#39;&(cent|#162);&#39;i",
        "&#39;&(pound|#163);&#39;i",
        "&#39;&(copy|#169);&#39;i",
        "&#39;&#(d+);&#39;e"
    );
    $replace = array(
        &#39;&#39;,
        &#39;&#39;,
        "1",
        &#39;&#39;,
        "&",
        "<",
        ">",
        &#39; &#39;,
        chr(161) ,
        chr(162) ,
        chr(163) ,
        chr(169) ,
        "chr(1)"
    );
    return preg_replace($pattern, $replace, $str);
}
?>
除了上面自定的函数之外还有一个php自带的过滤html的函数：strip_tags(string) 这样就可以过滤掉所有的html标签了。
如果想过滤掉除了<img  src="" alt="php中html字符串过滤函数详解 " >之外的所有html标签，则可以这样写：
 代码如下复制代码
strip_tags(string,"<img  alt="php中html字符串过滤函数详解 " >");
过滤除了<img  src="" alt="php中html字符串过滤函数详解 " ><p>xxx</p><b></b>之外的所有html标签，则可以这样写：
 代码如下复制代码
strip_tags(string,"<img  alt="php中html字符串过滤函数详解 " ><p><b>");
网上找到一个防sql注入函数
<?php
//php 批量过滤post,get敏感数据
if (get_magic_quotes_gpc()) {
    $_GET = stripslashes_array($_GET);
    $_POST = stripslashes_array($_POST);
}
function stripslashes_array(&$array) {
    while (list($key, $var) = each($array)) {
        if ($key != &#39;argc&#39; && $key != &#39;argv&#39; && (strtoupper($key) != $key || &#39;&#39; . intval($key) == "$key")) {
            if (is_string($var)) {
                $array[$key] = stripslashes($var);
            }
            if (is_array($var)) {
                $array[$key] = stripslashes_array($var);
            }
        }
    }
    return $array;
}
//--------------------------
// 替换HTML尾标签,为过滤服务 http://www.phprm.com
//--------------------------
function lib_replace_end_tag($str) {
    if (empty($str)) return false;
    $str = htmlspecialchars($str);
    $str = str_replace(&#39;/&#39;, "", $str);
    $str = str_replace("", "", $str);
    $str = str_replace("&gt", "", $str);
    $str = str_replace("&lt", "", $str);
    $str = str_replace("<SCRIPT>", "", $str);
    $str = str_replace("</SCRIPT>", "", $str);
    $str = str_replace("<script>", "", $str);
    $str = str_replace("</script>", "", $str);
    $str = str_replace("select", "select", $str);
    $str = str_replace("join", "join", $str);
    $str = str_replace("union", "union", $str);
    $str = str_replace("where", "where", $str);
    $str = str_replace("insert", "insert", $str);
    $str = str_replace("delete", "delete", $str);
    $str = str_replace("update", "update", $str);
    $str = str_replace("like", "like", $str);
    $str = str_replace("drop", "drop", $str);
    $str = str_replace("create", "create", $str);
    $str = str_replace("modify", "modify", $str);
    $str = str_replace("rename", "rename", $str);
    $str = str_replace("alter", "alter", $str);
    $str = str_replace("cas", "cast", $str);
    $str = str_replace("&", "&", $str);
    $str = str_replace(">", ">", $str);
    $str = str_replace("<", "<", $str);
    $str = str_replace(" ", chr(32) , $str);
    $str = str_replace(" ", chr(9) , $str);
    $str = str_replace("    ", chr(9) , $str);
    $str = str_replace("&", chr(34) , $str);
    $str = str_replace("&#39;", chr(39) , $str);
    $str = str_replace("<br />", chr(13) , $str);
    $str = str_replace("&#39;&#39;", "&#39;", $str);
    $str = str_replace("css", "&#39;", $str);
    $str = str_replace("CSS", "&#39;", $str);
    return $str;
}
?>

Copy after login

使用方法

引用是直接这样：

$xxx = htmlspecialchars($_POST['xxx']);

或者

$xxx = htmlspecialchars($_GET['xxx']);

文章地址:

转载随意^^请带上本文地址!

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)

2 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Repo: How To Revive Teammates

1 months ago By 尊渡假赌尊渡假赌尊渡假赌

Hello Kitty Island Adventure: How To Get Giant Seeds

4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

How Long Does It Take To Beat Split Fiction?

3 weeks ago By DDD

R.E.P.O. Save File Location: Where Is It & How to Protect It?

3 weeks ago By DDD

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Where is the login entrance for gmail email?

7338

Java Tutorial

1627

CakePHP Tutorial

1352

Laravel Tutorial

1265

PHP Tutorial

1210

Related knowledge

How to use exp for SQL error injection May 12, 2023 am 10:16 AM

0x01 Preface Overview The editor discovered another Double data overflow in MySQL. When we get the functions in MySQL, the editor is more interested in the mathematical functions. They should also contain some data types to save values. So the editor ran to test to see which functions would cause overflow errors. Then the editor discovered that when a value greater than 709 is passed, the function exp() will cause an overflow error. mysql>selectexp(709);+-----------------------+|exp(709)|+---------- ------------+|8.218407461554972

Nginx basic security knowledge: preventing SQL injection attacks Jun 10, 2023 pm 12:31 PM

Nginx is a fast, high-performance, scalable web server, and its security is an issue that cannot be ignored in web application development. Especially SQL injection attacks, which can cause huge damage to web applications. In this article, we will discuss how to use Nginx to prevent SQL injection attacks to protect the security of web applications. What is a SQL injection attack? SQL injection attack is an attack method that exploits vulnerabilities in web applications. Attackers can inject malicious code into web applications

PHP Programming Tips: How to Prevent SQL Injection Attacks Aug 17, 2023 pm 01:49 PM

PHP Programming Tips: How to Prevent SQL Injection Attacks Security is crucial when performing database operations. SQL injection attacks are a common network attack that exploit an application's improper handling of user input, resulting in malicious SQL code being inserted and executed. To protect our application from SQL injection attacks, we need to take some precautions. Use parameterized queries Parameterized queries are the most basic and most effective way to prevent SQL injection attacks. It works by comparing user-entered values with a SQL query

Asynchronous processing method of Select Channels Go concurrent programming using golang Sep 28, 2023 pm 05:27 PM

Asynchronous processing method of SelectChannelsGo concurrent programming using golang Introduction: Concurrent programming is an important area in modern software development, which can effectively improve the performance and responsiveness of applications. In the Go language, concurrent programming can be implemented simply and efficiently using Channels and Select statements. This article will introduce how to use golang for asynchronous processing methods of SelectChannelsGo concurrent programming, and provide specific

How to hide the select element in jquery Aug 15, 2023 pm 01:56 PM

How to hide the select element in jquery: 1. hide() method, introduce the jQuery library into the HTML page, you can use different selectors to hide the select element, the ID selector replaces the selectId with the ID of the select element you actually use; 2. css() method, use the ID selector to select the select element that needs to be hidden, use the css() method to set the display attribute to none, and replace selectId with the ID of the select element.

How to prevent SQL injection attacks using PHP Jun 24, 2023 am 10:31 AM

In the field of network security, SQL injection attacks are a common attack method. It exploits malicious code submitted by malicious users to alter the behavior of an application to perform unsafe operations. Common SQL injection attacks include query operations, insert operations, and delete operations. Among them, query operations are the most commonly attacked, and a common method to prevent SQL injection attacks is to use PHP. PHP is a commonly used server-side scripting language that is widely used in web applications. PHP can be related to MySQL etc.

PHP form filtering: SQL injection prevention and filtering Aug 07, 2023 pm 03:49 PM

PHP form filtering: SQL injection prevention and filtering Introduction: With the rapid development of the Internet, the development of Web applications has become more and more common. In web development, forms are one of the most common ways of user interaction. However, there are security risks in the processing of form submission data. Among them, one of the most common risks is SQL injection attacks. A SQL injection attack is an attack method that uses a web application to improperly process user input data, allowing the attacker to perform unauthorized database queries. The attacker passes the

Detection and repair of PHP SQL injection vulnerabilities Aug 08, 2023 pm 02:04 PM

Overview of detection and repair of PHP SQL injection vulnerabilities: SQL injection refers to an attack method in which attackers use web applications to maliciously inject SQL code into the input. PHP, as a scripting language widely used in web development, is widely used to develop dynamic websites and applications. However, due to the flexibility and ease of use of PHP, developers often ignore security, resulting in the existence of SQL injection vulnerabilities. This article will introduce how to detect and fix SQL injection vulnerabilities in PHP and provide relevant code examples. check

See all articles