This article analyzes how to filter HTML strings in PHP to prevent SQL injection. It has some reference value and is shared here for anyone who needs it.
Http://www.mb5u.com/biancheng/php/php_98728.html
Batch-filter sensitive POST and GET data

The code is as follows:

    $_GET = stripslashes_array($_GET);
    $_POST = stripslashes_array($_POST);

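Data filtering function

The code is as follows:

    // Strip backslashes from every string value, recursing into nested arrays.
    // Keys 'argc' and 'argv' are skipped, as are all-upper-case keys unless numeric.
    // Note: stripslashes() removes backslashes; it does not escape anything.
    function stripslashes_array(&$array) {
        // each() was removed in PHP 8; foreach visits the same key/value pairs.
        foreach ($array as $key => $var) {
            if ($key != 'argc' && $key != 'argv'
                && (strtoupper($key) != $key || '' . intval($key) == "$key")) {
                if (is_string($var)) {
                    $array[$key] = stripslashes($var);
                }
                if (is_array($var)) {
                    $array[$key] = stripslashes_array($var);
                }
            }
        }
        return $array;
    }
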
Replace HTML end tags (used for filtering)

The code is as follows:

    function lib_replace_end_tag($str) {
        if (empty($str)) return false;
        $str = htmlspecialchars($str);
        $str = str_replace('/', "", $str);
        $str = str_replace("\\", "", $str);
        // htmlspecialchars() has already turned < and > into entities, so the
        // next six calls find nothing to replace.
        $str = str_replace(">", "", $str);
        $str = str_replace("<", "", $str);
        $str = str_replace("<SCRIPT>", "", $str);
        $str = str_replace("</SCRIPT>", "", $str);
        $str = str_replace("<script>", "", $str);
        $str = str_replace("</script>", "", $str);
        // SQL keyword replacements, literals as printed on the page. Each pair
        // differs at most in letter case, so no keyword is removed.
        $str = str_replace("Select", "select", $str);
        $str = str_replace("Join", "join", $str);
        $str = str_replace("union", "union", $str);
        $str = str_replace("where", "where", $str);
        $str = str_replace("Insert", "Insert", $str);
        $str = str_replace("delete", "delete", $str);
        $str = str_replace("Update", "Update", $str);
        $str = str_replace("like", "like", $str);
        $str = str_replace("Drop", "drop", $str);
        $str = str_replace("Create", "create", $str);
        $str = str_replace("Modify", "Modify", $str);
        $str = str_replace("rename", "Rename", $str);
        $str = str_replace("Alter", "Alter", $str);
        $str = str_replace("cas", "cast", $str);
        $str = str_replace("&", "&", $str);
        $str = str_replace(">", ">", $str);
        $str = str_replace("<", "<", $str);
        // The following calls are damaged on the page (search strings or chr()
        // codes are missing) and are left commented out as printed:
        // $str = str_replace("", chr(+), $str);
        // $str = str_replace("", chr(9), $str);
        // $str = str_replace("", chr(9), $str);
        // $str = str_replace("&", chr, $str);
        // $str = str_replace("'", chr(), $str);
        // $str = str_replace("<br/>", chr, $str);
        // $str = str_replace("'" "," ' ", $str);
        $str = str_replace("CSS", "'", $str);
        $str = str_replace("CSS", "'", $str);
        return $str;
    }

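The filters above strip backslashes and encode HTML characters, so a value that contains neither reaches the SQL text unchanged. The following added example, which is not part of the original article, passes such a value through stripslashes() and htmlspecialchars() and compares a concatenated query with a bound parameter. The users table, its rows, the input value and the helper names find_by_concat and find_by_param are constructed for illustration, and the script assumes the pdo_sqlite extension is available.

```php
<?php
// Added example, not code from the original article.
// Table, rows, input and helper names are constructed; needs pdo_sqlite.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Constructed request value: no backslash, quote or angle bracket in it.
$input = '1 OR 1=1';

// The two built-ins the article's functions rely on leave it untouched.
$filtered = htmlspecialchars(stripslashes($input));
echo 'filter changed the value: ';
var_dump($filtered !== $input);

// Weak: the filtered value is concatenated into the SQL text, so the
// database parses "OR 1=1" as part of the WHERE clause.
function find_by_concat(PDO $db, string $id): array {
    $sql = "SELECT name FROM users WHERE id = $id";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Corrected: the SQL text is fixed and the value is bound as a parameter,
// so it is only ever compared with the id column as data.
function find_by_param(PDO $db, string $id): array {
    $stmt = $db->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

echo "concatenated query, filtered input:\n";
print_r(find_by_concat($db, $filtered));

echo "bound parameter, same input:\n";
print_r(find_by_param($db, $filtered));

echo "bound parameter, ordinary id '2':\n";
print_r(find_by_param($db, '2'));
```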