PHP "完美"的防XSS 防SQL注入的代码
发布时间:2013-07-10 20:12:00 来源:51推一把
【摘要】PHP "完美"的防XSS 防SQL注入的代码 function gjj($str){ $farr = array( "/\s+/", "/<(\/?)(script|i?frame|style|html|body|title|link|meta|obje
PHP "完美"的防XSS 防SQL注入的代码
function gjj($str)
{
$farr = array(
"/s+/",
"/<(/?)(script|i?frame|style|html|body|title|link|meta|object|?|\%)([^>]*?)>/isU",
"/(<[^>]*)on[a-zA-Z]+s*=([^>]*>)/isU",
);
$str = preg_replace($farr,"",$str);
return addslashes($str);
}
function hg_input_bb($array)
{
if (is_array($array))
{
foreach($array AS $k => $v)
{
$array[$k] = hg_input_bb($v);
}
}
else
{
$array = gjj($array);
}
return $array;
}
$_REQUEST = hg_input_bb($_REQUEST);
$_GET = hg_input_bb($_GET);
$_POST = hg_input_bb($_POST);