PHP: filter all malicious characters (bulk filter of POST/GET sensitive data) - PHP tips

Source: Internet
Author: User
Tags: cas, html tags, keyword list

Function code:

Code as follows:

<?php
// PHP: bulk-strip magic-quotes escaping from POST and GET data.
// get_magic_quotes_gpc() was removed in PHP 8; the function_exists() guard keeps
// the snippet loadable on current versions, where this block simply does nothing.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $_GET  = stripslashes_array($_GET);
    $_POST = stripslashes_array($_POST);
}

// Recursively strip the backslashes added by magic quotes. foreach replaces the
// original while (list() = each()) loop, because each() was removed in PHP 8.
function stripslashes_array(&$array) {
    foreach ($array as $key => $var) {
        // Skip argc/argv and keys that look like constants (all upper case and not numeric)
        if ($key !== 'argc' && $key !== 'argv' && (strtoupper($key) != $key || '' . intval($key) == "$key")) {
            if (is_string($var)) {
                $array[$key] = stripslashes($var);
            }
            if (is_array($var)) {
                $array[$key] = stripslashes_array($var);
            }
        }
    }
    return $array;
}

// Filter: encode HTML-significant characters and split SQL keywords with numeric
// character references so they no longer read as keywords.
// Reconstruction note: the page's extraction had decoded the entities in the
// replacement strings (so "sel&#101;ct" showed as "select") and dropped the
// chr() arguments; the entity forms and character codes below are restored so
// that HtmlDecode() reverses them exactly.
function HTMLEncode($str) {
    if (empty($str)) return;
    if ($str == "") return $str;
    $str = trim($str);
    $str = str_replace("&", "&amp;", $str);
    $str = str_replace(">", "&gt;", $str);
    $str = str_replace("<", "&lt;", $str);
    $str = str_replace(chr(32), "&nbsp;", $str);        // space
    $str = str_replace(chr(9), "&nbsp;&nbsp;", $str);   // tab (the page had this rule twice)
    $str = str_replace(chr(34), "&quot;", $str);        // double quote
    $str = str_replace(chr(39), "&#39;", $str);         // single quote
    $str = str_replace(chr(13), "<br>", $str);          // carriage return
    $str = str_replace("'", "''", $str);                // no-op after the chr(39) rule; kept as on the page
    $str = str_replace("select", "sel&#101;ct", $str);
    $str = str_replace("script", "scr&#105;pt", $str);  // listed twice on the page; once is enough
    $str = str_replace("join", "jo&#105;n", $str);
    $str = str_replace("union", "un&#105;on", $str);
    $str = str_replace("where", "wh&#101;re", $str);
    $str = str_replace("insert", "ins&#101;rt", $str);
    $str = str_replace("delete", "del&#101;te", $str);
    $str = str_replace("update", "up&#100;ate", $str);
    $str = str_replace("like", "lik&#101;", $str);
    $str = str_replace("drop", "dro&#112;", $str);
    $str = str_replace("create", "cre&#97;te", $str);
    $str = str_replace("modify", "mod&#105;fy", $str);
    $str = str_replace("rename", "ren&#97;me", $str);
    $str = str_replace("alter", "alt&#101;r", $str);
    $str = str_replace("cast", "ca&#115;", $str);       // as on the page: "cast" becomes "cas" plus the reference
    return $str;
}

// Decoding: reverse HTMLEncode(). Longer entity sequences are restored before
// shorter ones, and "&amp;" last, so that a decoded "&amp;lt;" does not become "<".
function HtmlDecode($str) {
    if (empty($str)) return;
    if ($str == "") return $str;
    $str = str_replace("sel&#101;ct", "select", $str);
    $str = str_replace("scr&#105;pt", "script", $str);
    $str = str_replace("jo&#105;n", "join", $str);
    $str = str_replace("un&#105;on", "union", $str);
    $str = str_replace("wh&#101;re", "where", $str);
    $str = str_replace("ins&#101;rt", "insert", $str);
    $str = str_replace("del&#101;te", "delete", $str);
    $str = str_replace("up&#100;ate", "update", $str);
    $str = str_replace("lik&#101;", "like", $str);
    $str = str_replace("dro&#112;", "drop", $str);
    $str = str_replace("cre&#97;te", "create", $str);
    $str = str_replace("mod&#105;fy", "modify", $str);
    $str = str_replace("ren&#97;me", "rename", $str);
    $str = str_replace("alt&#101;r", "alter", $str);
    $str = str_replace("ca&#115;", "cast", $str);
    $str = str_replace("&gt;", ">", $str);
    $str = str_replace("&lt;", "<", $str);
    $str = str_replace("&nbsp;&nbsp;", chr(9), $str);
    $str = str_replace("&nbsp;", chr(32), $str);
    $str = str_replace("&quot;", chr(34), $str);
    $str = str_replace("&#39;", chr(39), $str);
    $str = str_replace("<br>", chr(13), $str);
    $str = str_replace("''", "'", $str);
    $str = str_replace("&amp;", "&", $str);
    return $str;
}
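The two functions above mangle stored data to keep it from reading as SQL or HTML. The usual defender's approach is to leave the data alone and handle each output context separately: a bound parameter for SQL and htmlspecialchars() with ENT_QUOTES for HTML. The following is an added example, not code from the original page; it assumes PHP 8 with the pdo_sqlite extension, and the request array, table and row are constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Added example (not from the original page). Context-specific handling in
// place of keyword splitting. Assumes PHP 8 with pdo_sqlite available.

/** Recursively trim request data; nested arrays are handled like the page's stripslashes_array(). */
function trim_request_data(array $data): array
{
    foreach ($data as $key => $value) {
        $data[$key] = is_array($value) ? trim_request_data($value) : trim((string) $value);
    }
    return $data;
}

/** Escape a value for an HTML text or attribute context. ENT_QUOTES covers both ' and ". */
function html_encode_output(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Look up a user by name with a bound parameter; SQL keywords in the value are just data. */
function find_user(PDO $db, string $name): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample request standing in for $_POST: an apostrophe, an SQL
// keyword and an HTML tag, all of which must survive unchanged as data.
$post = ['name' => "  O'Brien select *  ", 'tags' => ['<b>bold</b>', ' drop ']];
$post = trim_request_data($post);

// Constructed in-memory database with one matching row.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO users (name) VALUES (:name)');
$insert->execute([':name' => "O'Brien select *"]);

// The lookup finds the row: the apostrophe and "select" never reach the parser as syntax.
var_dump(find_user($db, $post['name']));

// The same value rendered for HTML: the apostrophe is encoded, the word "select" is untouched.
echo html_encode_output($post['name']), "\n";
echo html_encode_output($post['tags'][0]), "\n";
```

Run with `php example.php`. The lookup returns the stored row even though the name contains an apostrophe and an SQL keyword, and the HTML output encodes the apostrophe and the angle brackets while leaving the keyword readable, which is what the page's entity-splitting was trying to achieve by rewriting the data itself.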
//======================================================================
// Function:   lib_lawless_string_filter($string, $match_type = 1)
// Purpose:    filter illegal content
// Parameters:
//   $string      the string to check
//   $match_type  match type: 1 = exact match, 2 = fuzzy match; default 1
// Returns:    true if illegal content is found, false otherwise
// Other:      the illegal-keyword lists are kept in text files, split into a
//             common-keyword list and a serious-keyword list
// Author:     heiyeluren
// Date:       2006-1-18
//======================================================================
function lib_lawless_string_filter($string, $match_type = 1)
{
    // An empty string is reported as not illegal straight away
    $string = trim($string);
    if (empty($string))
    {
        return false;
    }
    // The important and common keyword lists
    $common_file  = "common_list.txt";   // common filter keyword list
    $signify_file = "signify_list.txt";  // important filter keyword list
    // If either list file is missing return false; otherwise read both files into arrays
    if (!file_exists($common_file) || !file_exists($signify_file))
    {
        return false;
    }
    $common_list  = file($common_file);
    $signify_list = file($signify_file);
    $is_lawless = false;
    // Exact match
    if ($match_type == 1)
    {
        $is_lawless = exact_match($string, $common_list);
    }
    // Fuzzy match
    if ($match_type == 2)
    {
        $is_lawless = blur_match($string, $common_list, $signify_list);
    }
    // If the result array holds anything, the string is illegal
    if (is_array($is_lawless) && !empty($is_lawless))
    {
        return true;
    }
    else
    {
        return false;
    }
}

//---------------------
// Exact match, for the filter service
//---------------------
function exact_match($string, $common_list)
{
    $blist = array();
    $string = trim($string);
    $string = lib_replace_end_tag($string);
    // Search the common filter keyword list. preg_quote() keeps regex
    // metacharacters in the checked string from being interpreted as a pattern.
    foreach ($common_list as $block)
    {
        $block = trim($block);
        if (preg_match("/^" . preg_quote($string, '/') . "$/i", $block))
        {
            $blist[] = $block;
        }
    }
    // Check whether any filtered content was collected
    if (!empty($blist))
    {
        return array_unique($blist);
    }
    return false;
}

//----------------------
// Fuzzy match, for the filter service
//----------------------
function blur_match($string, $common_list, $signify_list)
{
    $blist = array();
    $string = trim($string);
    $s_len = strlen($string);
    $string = lib_replace_end_tag($string);
    // Search the common filter keyword list (whole-string match)
    foreach ($common_list as $block)
    {
        $block = trim($block);
        if (preg_match("/^" . preg_quote($string, '/') . "$/i", $block))
        {
            $blist[] = $block;
        }
    }
    // Search the important filter keyword list (substring match)
    foreach ($signify_list as $block)
    {
        $block = trim($block);
        if ($s_len >= strlen($block) && preg_match("/" . preg_quote($block, '/') . "/i", $string))
        {
            $blist[] = $block;
        }
    }
    // Check whether any filtered content was collected
    if (!empty($blist))
    {
        return array_unique($blist);
    }
    return false;
}

//--------------------------
// Replace HTML closing tags, for the filter service
//--------------------------
function lib_replace_end_tag($str)
{
    if (empty($str)) return false;
    $str = htmlspecialchars($str);
    $str = str_replace('/', "", $str);
    $str = str_replace("\\", "", $str);
    $str = str_replace(">", "", $str);
    $str = str_replace("<", "", $str);
    $str = str_replace("&lt;", "", $str);   // search strings on these two lines were lost in
    $str = str_replace("&gt;", "", $str);   // extraction; restored as the entities htmlspecialchars() produces
    // Undo the entity-based keyword splitting (same table as HtmlDecode())
    $str = str_replace("sel&#101;ct", "select", $str);
    $str = str_replace("jo&#105;n", "join", $str);
    $str = str_replace("un&#105;on", "union", $str);
    $str = str_replace("wh&#101;re", "where", $str);
    $str = str_replace("ins&#101;rt", "insert", $str);
    $str = str_replace("del&#101;te", "delete", $str);
    $str = str_replace("up&#100;ate", "update", $str);
    $str = str_replace("lik&#101;", "like", $str);
    $str = str_replace("dro&#112;", "drop", $str);
    $str = str_replace("cre&#97;te", "create", $str);
    $str = str_replace("mod&#105;fy", "modify", $str);
    $str = str_replace("ren&#97;me", "rename", $str);
    $str = str_replace("alt&#101;r", "alter", $str);
    $str = str_replace("ca&#115;", "cast", $str);
    $str = str_replace("&gt;", ">", $str);
    $str = str_replace("&lt;", "<", $str);
    $str = str_replace("&nbsp;&nbsp;", chr(9), $str);
    $str = str_replace("&nbsp;", chr(32), $str);
    $str = str_replace("&quot;", chr(34), $str);
    $str = str_replace("&#39;", chr(39), $str);
    $str = str_replace("<br>", chr(13), $str);
    $str = str_replace("''", "'", $str);
    $str = str_replace("&amp;", "&", $str);
    // (two further str_replace() rules on the original page were unreadable after extraction and are omitted)
    return $str;
    // HTML tags, which can be used as an extension filter
    /*
    $tags = array("/html", "/head", "/body", "/div", "/span", "/doctype", "/title", "/link", "/meta", "/style", "/p", "/h1", "/h2", "/h3", "/h4", "/h5", "/h6", "/strong", "/em", "/abbr", "/acronym", "/address", "/bdo", "/blockquote", "/cite", "/q", "/code", "/ins", "/del", "/dfn", "/kbd", "/pre", "/samp", "/var", "/br", "/a", "/img", "/area", "/map", "/object", "/param", "/ul", "/ol", "/li", "/dl", "/dt", "/dd", "/table", "/tr", "/td", "/th", "/tbody", "/thead", "/tfoot", "/col", "/colgroup", "/caption", "/form", "/input", "/textarea", "/select", "/option", "/optgroup", "/button", "/label", "/fieldset", "/legend", "/script", "/noscript", "/b", "/i", "/tt", "/sub", "/sup", "/big", "/small", "/hr");
    */
}
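The list-driven filter above interpolates both the checked string and each list entry into a preg_match() pattern, so a dot or a plus sign in either is read as a regex operator rather than a character. The following added example (not part of the original snippet, and independent of its functions) shows the same exact-versus-fuzzy design with the pattern text quoted. It assumes PHP 8 and writes two constructed keyword lists into a temporary directory so it runs offline.

```php
<?php
declare(strict_types=1);

// Added example (not from the original page). Keyword-list filter with exact and
// fuzzy modes; the list files and inputs are constructed for the demonstration.

/** Read one keyword per line, trimmed, with blanks and duplicates removed. */
function load_keyword_list(string $path): array
{
    $lines = file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    if ($lines === false) {
        throw new RuntimeException("cannot read keyword list: $path");
    }
    return array_values(array_unique(array_filter(array_map('trim', $lines), 'strlen')));
}

/** Exact mode: the whole input equals a list entry, case-insensitively. No regex needed. */
function exact_matches(string $input, array $list): array
{
    $hits = [];
    foreach ($list as $word) {
        if (strcasecmp($input, $word) === 0) {
            $hits[] = $word;
        }
    }
    return $hits;
}

/** Fuzzy mode: a list entry occurs anywhere in the input. preg_quote() makes "a.b" match only "a.b". */
function fuzzy_matches(string $input, array $list): array
{
    $hits = [];
    foreach ($list as $word) {
        if (preg_match('/' . preg_quote($word, '/') . '/i', $input) === 1) {
            $hits[] = $word;
        }
    }
    return $hits;
}

/** Same contract as the page's lib_lawless_string_filter(): true when illegal content is found. */
function is_lawless(string $input, string $commonFile, string $signifyFile, int $matchType = 1): bool
{
    $input = trim($input);
    if ($input === '' || !is_file($commonFile) || !is_file($signifyFile)) {
        return false;
    }
    $common  = load_keyword_list($commonFile);
    $signify = load_keyword_list($signifyFile);
    $hits = exact_matches($input, $common);
    if ($matchType === 2) {
        $hits = array_merge($hits, fuzzy_matches($input, $signify));
    }
    return $hits !== [];
}

// Constructed keyword lists in a throwaway directory.
$dir = sys_get_temp_dir() . '/kwfilter_' . bin2hex(random_bytes(4));
mkdir($dir);
$commonFile  = "$dir/common_list.txt";
$signifyFile = "$dir/signify_list.txt";
file_put_contents($commonFile, "badword\nspam\n\n");
file_put_contents($signifyFile, "forbidden.term\n");

// "forbiddenXterm" is the case preg_quote() is there for: an unquoted dot would match it.
$cases = ['SPAM', 'spam offer', 'has forbidden.term inside', 'forbiddenXterm', 'a+b'];
foreach ($cases as $case) {
    printf("%-28s exact=%d fuzzy=%d\n", $case,
        is_lawless($case, $commonFile, $signifyFile, 1),
        is_lawless($case, $commonFile, $signifyFile, 2));
}

unlink($commonFile);
unlink($signifyFile);
rmdir($dir);
```

In exact mode only "SPAM" is flagged (whole-string, case-insensitive); in fuzzy mode the entry from the serious list is found inside the third case but not in "forbiddenXterm", and "a+b" is handled as plain text rather than as a pattern. Compare this with the page's exact_match(), which would compile the checked string itself into the pattern.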

Usage:

Call it directly like this:

Code as follows:

$xxx = htmlspecialchars($_POST['xxx']);

Or

Code as follows:

$xxx = htmlspecialchars($_GET['xxx']);
