An analysis of PHP filtering HTML strings to prevent SQL injection methods

Batch filter Post,get sensitive data

Copy CodeThe code is as follows:
$_get = Stripslashes_array ($_get);
$_post = Stripslashes_array ($_post);

Data filtering functions

Copy CodeThe code is as follows:
Function Stripslashes_array (& $array) {
while (list ($key, $var) = each ($array)) {
if ($key! = ' argc ' && $key! = ' argv ' && (Strtoupper ($key)! = $key | | ". Intval ($key) = =" $key ")) {
if (is_string ($var)) {
$array [$key] = stripslashes ($var);
}
if (Is_array ($var)) {
$array [$key] = Stripslashes_array ($var);
}
}
}
return $array;
}

Replace HTML footer tags for filtering services

Copy CodeThe code is as follows:
function Lib_replace_end_tag ($STR)
{
if (empty ($STR)) return false;
$str = Htmlspecialchars ($STR);
$str = Str_replace ('/', "", $str);
$str = str_replace ("\ \", "", $str);
$str = Str_replace (">", "", $str);
$str = Str_replace ("<", "", $str);
$str = Str_replace ("<SCRIPT>", "", $str);
$str = Str_replace ("</SCRIPT>", "", $str);
$str = Str_replace ("<script>", "", $str);
$str = Str_replace ("</script>", "", $str);
$str =str_replace ("Select", "select", $str);
$str =str_replace ("Join", "join", $STR);
$str =str_replace ("union", "union", $STR);
$str =str_replace ("where", "where", $str);
$str =str_replace ("Insert", "Insert", $STR);
$str =str_replace ("delete", "delete", $str);
$str =str_replace ("Update", "Update", $STR);
$str =str_replace ("like", "like", $STR);
$str =str_replace ("Drop", "drop", $str);
$str =str_replace ("Create", "create", $STR);
$str =str_replace ("Modify", "Modify", $str);
$str =str_replace ("rename", "Rename", $str);
$STR =str_replace ("Alter", "Alter", $STR);
$str =str_replace ("cas", "cast", $STR);
$str =str_replace ("&", "&", $STR);
$str =str_replace (">", ">", $str);
$str =str_replace ("<", "<", $str);
$str =str_replace ("", Chr (+), $str);
$str =str_replace ("", Chr (9), $STR);
$str =str_replace ("", Chr (9), $STR);
$str =str_replace ("&", CHR, $STR);
$str =str_replace ("'", Chr (), $STR);
$str =str_replace ("<br/>", CHR, $STR);
$str =str_replace ("'" "," ' ", $str);
$str =str_replace ("CSS", "'", $str);
$str =str_replace ("CSS", "'", $str);
return $str;
}

An analysis of PHP filtering HTML strings to prevent SQL injection methods