Home > Backend Development > PHP Tutorial > 'Perfect' anti-XSS and anti-SQL injection code spray

'Perfect' anti-XSS and anti-SQL injection code spray

WBOY
Release: 2016-07-25 08:50:51
Original
1286 people have browsed it
Haha, I have posted a paragraph before, here is another paragraph. The company believes that these two codes in this project are very good and can prevent all code attacks, so I will publish them here. Please break it, please hurry up and break it.
  1. function gjj($str)
  2. {
  3. $farr = array(
  4. "/\s+/",
  5. "/<(\/?)(script|i?frame|style|html|body|title |link|meta|object|\?|\%)([^>]*?)>/isU",
  6. "/(<[^>]*)on[a-zA-Z]+ s*=([^>]*>)/isU",
  7. );
  8. $str = preg_replace($farr,"",$str);
  9. return addslashes($str);
  10. }
  11. function hg_input_bb ($array)
  12. {
  13. if (is_array($array))
  14. {
  15. foreach($array AS $k => $v)
  16. {
  17. $array[$k] = hg_input_bb($v);
  18. }
  19. }
  20. else
  21. {
  22. $array = gjj($array);
  23. }
  24. return $array;
  25. }
  26. $_REQUEST = hg_input_bb($_REQUEST);
  27. $_GET = hg_input_bb($_GET);
  28. $_POST = hg_input_bb( $_POST);
Copy code


source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template