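<?php

declare(strict_types=1);

// PHP anti-injection and XSS generic input filter. by qq:831937
//
// Runs SafeFilter() in place over each request superglobal that is non-empty.
// NOTE(review): this is a blacklist-style *input* filter. It does not replace
// parameterised SQL (PDO prepared statements) or context-specific *output*
// escaping; both must stay in place regardless of this filter. Because the
// values are rewritten here, a page that escapes again at output time will
// double-encode them.
$_GET && SafeFilter($_GET);
$_POST && SafeFilter($_POST);
$_COOKIE && SafeFilter($_COOKIE);

/**
 * Recursively sanitise every scalar in $arr in place.
 *
 * For each non-array value: escape quotes, backslash and NUL with
 * addslashes() (skipped only when a pre-5.4 runtime already applied
 * magic_quotes_gpc), delete C0 control characters and a fixed list of
 * HTML/JS keywords, then strip tags and HTML-encode what remains.
 * Nested arrays are descended into. Anything that is not an array is
 * left untouched.
 *
 * @param mixed $arr by reference; modified only when it is an array
 */
function SafeFilter(&$arr): void
{
    if (!is_array($arr)) {
        return;
    }

    // Patterns removed from every value. The first strips C0 control
    // characters except tab (\x09), LF (\x0a) and CR (\x0d). The original
    // wrote that class with commas between the ranges, which also deleted
    // literal commas from user input, and stopped at \x19 instead of \x1f.
    // Keyword patterns use the i flag: HTML tag and attribute names are
    // case-insensitive, so a case-sensitive list is bypassed by "<SCRIPT>".
    static $patterns = [
        '/[\x00-\x08\x0b\x0c\x0e-\x1f]/',
        '/script/i', '/javascript/i', '/vbscript/i', '/expression/i',
        '/applet/i', '/meta/i', '/xml/i', '/blink/i', '/link/i', '/style/i',
        '/embed/i', '/object/i', '/frame/i', '/layer/i', '/title/i',
        '/bgsound/i', '/base/i',
        '/onload/i', '/onunload/i', '/onchange/i', '/onsubmit/i', '/onreset/i',
        '/onselect/i', '/onblur/i', '/onfocus/i', '/onabort/i', '/onkeydown/i',
        '/onkeypress/i', '/onkeyup/i', '/onclick/i', '/ondblclick/i',
        '/onmousedown/i', '/onmousemove/i', '/onmouseout/i', '/onmouseover/i',
        '/onmouseup/i',
    ];

    // magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc() in
    // 8.0; calling it unguarded is a fatal error on current runtimes. Only
    // skip addslashes() when the runtime really applied magic quotes, to
    // avoid double escaping.
    $magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

    foreach ($arr as $key => $value) {
        if (is_array($value)) {
            SafeFilter($arr[$key]);
            continue;
        }

        // Superglobal leaves are strings; the cast keeps other scalars
        // behaving as the string functions below would coerce them anyway.
        $value = (string) $value;

        if (!$magicQuotes) {
            // Backslash-escapes ' " \ and NUL. NOTE(review): on its own this
            // is not SQL-injection protection; queries still need prepared
            // statements.
            $value = addslashes($value);
        }

        // preg_replace() returns null on a PCRE error; treat that as an empty
        // value (fail closed), which is what the original code ended up with.
        $value = preg_replace($patterns, '', $value) ?? '';

        // Drop HTML/PHP markup and encode the remainder. ENT_QUOTES also
        // encodes single quotes (the pre-8.1 default left them alone);
        // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
        $arr[$key] = htmlentities(strip_tags($value), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
?>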
Function to filter input against XSS and SQL injection attacks