"完美"的防XSS 防SQL注入的代码喷

PHP中文网

Release： 2016-05-25 17:04:54

Original

1186 people have browsed it

"完美"的防XSS 防SQL注入的代码喷

哈哈，之前发过一段了，再来一段，单位认为这个项目中这两个代码很牛，可以防止一切代码类的攻击，在此发布出来。求破解，大家加紧破，

function gjj($str)
{
    $farr = array(
        "/\\s+/",
        "/]*?)>/isU",
        "/(]*)on[a-zA-Z]+\s*=([^>]*>)/isU",
    );
    $str = preg_replace($farr,"",$str);
    return addslashes($str);
}

function hg_input_bb($array)
{
    if (is_array($array))
    {
        foreach($array AS $k => $v)
        {
            $array[$k] = hg_input_bb($v);
        }
    }
    else
    {
        $array = gjj($array);
    }
    return $array;
}
$_REQUEST = hg_input_bb($_REQUEST);
$_GET = hg_input_bb($_GET);
$_POST = hg_input_bb($_POST);

Copy after login

以上就是"完美"的防XSS 防SQL注入的代码喷的内容，更多相关内容请关注PHP中文网（www.php.cn）！

Related labels：

防XSS，防SQL注入

source：php.cn

Previous article：百度网盘的外链代理 Next article：php获取当前页面完整url地址的函数

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

"完美"的防XSS 防SQL注入的代码 喷

"完美"的防XSS 防SQL注入的代码喷