An analysis of PHP filtering HTML strings to prevent SQL injection

Source: Internet
Author: User
This article analyzes how PHP filters HTML strings to prevent SQL injection. It has some reference value and is shared here for anyone who needs it.

Http://www.mb5u.com/biancheng/php/php_98728.html


This article is a detailed analysis of methods for filtering HTML strings in PHP to prevent SQL injection, for readers who need a reference.

Batch-filter sensitive POST and GET data

The code is as follows:

    // Run every GET and POST value through stripslashes_array() (defined below).
    $_GET = stripslashes_array($_GET);
    $_POST = stripslashes_array($_POST);

Data filtering function

The code is as follows:

    // Recursively remove backslash escaping from every string in $array.
    function stripslashes_array(&$array) {
        // each() was removed in PHP 8, so iterate with foreach instead.
        foreach ($array as $key => $var) {
            // Skip 'argc' and 'argv'; handle keys that are numeric or not all upper case.
            if ($key != 'argc' && $key != 'argv' && (strtoupper($key) != $key || '' . intval($key) == "$key")) {
                if (is_string($var)) {
                    $array[$key] = stripslashes($var);
                }
                if (is_array($var)) {
                    $array[$key] = stripslashes_array($var);
                }
            }
        }
        return $array;
    }


Replace HTML end tags, for use in filtering

The code is as follows:

    // Lines marked "garbled" lost their arguments or quoting in this copy
    // and are left commented out exactly as found.
    function lib_replace_end_tag($str) {
        if (empty($str)) return false;
        $str = htmlspecialchars($str);
        $str = str_replace('/', "", $str);
        $str = str_replace("\\", "", $str);
        $str = str_replace(">", "", $str);
        $str = str_replace("<", "", $str);
        $str = str_replace("<SCRIPT>", "", $str);
        $str = str_replace("</SCRIPT>", "", $str);
        $str = str_replace("<script>", "", $str);
        $str = str_replace("</script>", "", $str);
        $str = str_replace("Select", "select", $str);
        $str = str_replace("Join", "join", $str);
        $str = str_replace("union", "union", $str);
        $str = str_replace("where", "where", $str);
        $str = str_replace("Insert", "Insert", $str);
        $str = str_replace("delete", "delete", $str);
        $str = str_replace("Update", "Update", $str);
        $str = str_replace("like", "like", $str);
        $str = str_replace("Drop", "drop", $str);
        $str = str_replace("Create", "create", $str);
        $str = str_replace("Modify", "Modify", $str);
        $str = str_replace("rename", "Rename", $str);
        $str = str_replace("Alter", "Alter", $str);
        $str = str_replace("cas", "cast", $str);
        $str = str_replace("&", "&", $str);
        $str = str_replace(">", ">", $str);
        $str = str_replace("<", "<", $str);
        // garbled: $str =str_replace ("", Chr (+), $str);
        $str = str_replace("", chr(9), $str);
        $str = str_replace("", chr(9), $str);
        // garbled: $str =str_replace ("&", CHR, $STR);
        // garbled: $str =str_replace ("'", Chr (), $STR);
        // garbled: $str =str_replace ("<br/>", CHR, $STR);
        // garbled: $str =str_replace ("'" "," ' ", $str);
        $str = str_replace("CSS", "'", $str);
        $str = str_replace("CSS", "'", $str);
        return $str;
    }
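As a contrast to the keyword-replacement filter above, the following added example (not code from the original article) uses a different technique: PDO prepared statements for the database and htmlspecialchars() only at output time, so text containing quotes or words such as "select" and "CSS" is stored unchanged. The comments table, the function names and the sample inputs are constructed for illustration, and it assumes PHP 7.4+ with the pdo_sqlite extension.

```php
<?php
// Added example, not the article's code. Table and function names are hypothetical.
declare(strict_types=1);

// In-memory SQLite database so the example runs offline (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Store user input unchanged: the value is bound as data, never spliced into SQL.
function add_comment(PDO $pdo, string $author, string $body): void
{
    $stmt = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
}

// Look up by author with a bound parameter; quotes in $author cannot alter the query.
function comments_by(PDO $pdo, string $author): array
{
    $stmt = $pdo->prepare('SELECT author, body FROM comments WHERE author = :author');
    $stmt->execute([':author' => $author]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Encode for HTML only at output time, so the stored text stays intact.
function render_comment(array $row): string
{
    $enc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p><b>' . $enc($row['author']) . '</b>: ' . $enc($row['body']) . '</p>';
}

// Constructed sample input containing quotes, SQL keywords and markup.
add_comment($pdo, "O'Brien", 'Please select a CSS class, then update <b>the</b> page');
add_comment($pdo, 'alice', "x' OR '1'='1");

// The quote in the name is matched literally: exactly one row comes back.
$rows = comments_by($pdo, "O'Brien");
assert(count($rows) === 1);
echo render_comment($rows[0]), PHP_EOL;

// A lookup value shaped like SQL is just a string that matches no author.
assert(comments_by($pdo, "x' OR '1'='1") === []);
```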
