HTML string filter function in PHP

A custom function

The code is as follows

function striphtml ($string) { $pattern =array ("' <script[^>]*?>.*?</script> ' si", "' <style[^>]*?>.*?</style> ' si", " ' <[/!] *? [^<>]*?> ' Si "," ' ([RN]) [s]+ ' "," ' & (quot| #34); ' I "," ' & (amp| #38); ' I "," ' & (lt| #60); ' I "," ' & (gt| #62); ' I "," ' & (nbsp| #160); ' I "," ' & (iexcl| #161); ' I "," ' & (cent| #162); ' I "," ' & (pound| #163); ' I "," ' & (copy| #169); ' I "," ' &# (d+); ' E "); $replace =array (",", "1", "", "&", "<", ">", "", Chr (161), Chr (162), Chr (163), Chr (169), "Chr (1)"); Return Preg_replace ($pattern, $replace, $STR); }

In addition to the custom function above, there is a php-filtered function of HTML: strip_tags (String) so you can filter out all the HTML tags.

If you want to filter out all HTML tags except ", you can write this:

The code is as follows
Strip_tags (String, "

To filter all HTML tags except <p>xxx</p><b></b>, you can write this:

The code is as follows
Strip_tags (String, "<p><b>");

Find an anti-SQL injection function on the web

The code is as follows

PHP Bulk filter Post,get sensitive data if (GET_MAGIC_QUOTES_GPC ()) { $_get = Stripslashes_array ($_get); $_post = Stripslashes_array ($_post); } Function Stripslashes_array (& $array) { while (the list ($key, $var) = each ($array)) { if ($key!= ' argc ' && $key!= ' argv ' && (Strtoupper ($key)!= $key | | '. Intval ($key) = = "$key")) { if (is_string ($var)) { $array [$key] = stripslashes ($var); } if (Is_array ($var)) { $array [$key] = Stripslashes_array ($var); } } } return $array; } //-------------------------- //Replace HTML tail tag,  www.111cn.net for filtering service //-------------------------- Function Lib_replace_end_tag ($STR) { if (empty ($STR)) return false; $str = Htmlspecialchars ($STR); $str = Str_replace ('/', "", $str); $str = Str_replace ("", "", $str); $str = Str_replace ("&gt", "", $str); $str = Str_replace ("&lt", "", $str); $str = Str_replace ("<SCRIPT>", "", $str); $str = Str_replace ("</SCRIPT>", "", $str); $str = Str_replace ("<script>", "", $str); $str = Str_replace ("</script>", "", $str); $str =str_replace ("Select", "select", $str); $str =str_replace ("Join", "join", $STR); $str =str_replace ("union", "union", $STR); $str =str_replace ("where", "where", $str); $str =str_replace ("Insert", "Insert", $STR); $str =str_replace ("delete", "delete", $str); $str =str_replace ("Update", "Update", $STR); $str =str_replace ("like", "like", $STR); $str =str_replace ("Drop", "drop", $str); $str =str_replace ("Create", "CreaTE ", $str); $str =str_replace ("Modify", "Modify", $str); $str =str_replace ("rename", "Rename", $str); $str =str_replace ("Alter", "Alter", $STR); $str =str_replace ("cas", "cast", $STR); $str =str_replace ("&", "&", $STR); $str =str_replace (">", ">", $str); $str =str_replace ("<", "<", $str); $str =str_replace ("", Chr (), $STR); $str =str_replace ("", Chr (9), $STR); $str =str_replace ("   ", Chr (9), $STR); $str =str_replace ("&", Chr (), $STR); $str =str_replace ("'", Chr (), $STR); $str =str_replace ("<br/>", CHR), $STR); $str =str_replace ("" "," "", $str); $str =str_replace ("CSS", "'", $str); $str =str_replace ("CSS", "'", $str); return $str; }

How to use

The code is as follows
References are directly like this: $xxx = htmlspecialchars ($_post[' xxx ')); Or $xxx = htmlspecialchars ($_get[' xxx '));