This article describes how to filter html strings in php and prevent SQL injection. For more information, see
Batch filter post and get sensitive data
The code is as follows:
$ _ GET = stripslashes_array ($ _ GET );
$ _ POST = stripslashes_array ($ _ POST );
Data filtering function
The code is as follows:
Function stripslashes_array (& $ array ){
While (list ($ key, $ var) = each ($ array )){
If ($ key! = 'Argc '& $ key! = 'Argv' & (strtoupper ($ key )! = $ Key | ''. intval ($ key) =" $ key ")){
If (is_string ($ var )){
$ Array [$ key] = stripslashes ($ var );
}
If (is_array ($ var )){
$ Array [$ key] = stripslashes_array ($ var );
}
}
}
Return $ array;
}
Replaces the HTML tail tag with the filter service.
The code is as follows:
Function lib_replace_end_tag ($ str)
{
If (empty ($ str) return false;
$ Str = htmlspecialchars ($ str );
$ Str = str_replace ('/', "", $ str );
$ Str = str_replace ("\", "", $ str );
$ Str = str_replace (">", "", $ str );
$ Str = str_replace ("<", "", $ str );
$ Str = str_replace ("SCRIPT", "", $ str );
$ Str = str_replace ("SCRIPT", "", $ str );
$ Str = str_replace ("script", "", $ str );
$ Str = str_replace ("script", "", $ str );
$ Str = str_replace ("select", "select", $ str );
$ Str = str_replace ("join", "join", $ str );
$ Str = str_replace ("union", "union", $ str );
$ Str = str_replace ("where", "where", $ str );
$ Str = str_replace ("insert", "insert", $ str );
$ Str = str_replace ("delete", "delete", $ str );
$ Str = str_replace ("update", "update", $ str );
$ Str = str_replace ("like", "like", $ str );
$ Str = str_replace ("drop", "drop", $ str );
$ Str = str_replace ("create", "create", $ str );
$ Str = str_replace ("modify", "modify", $ str );
$ Str = str_replace ("rename", "rename", $ str );
$ Str = str_replace ("alter", "alter", $ str );
$ Str = str_replace ("cas", "cast", $ str );
$ Str = str_replace ("&", "&", $ str );
$ Str = str_replace (">", ">", $ str );
$ Str = str_replace ("<", "<", $ str );
$ Str = str_replace ("", chr (32), $ str );
$ Str = str_replace ("", chr (9), $ str );
$ Str = str_replace ("", chr (9), $ str );
$ Str = str_replace ("&", chr (34), $ str );
$ Str = str_replace ("'", chr (39), $ str );
$ Str = str_replace ("
", Chr (13), $ str );
$ Str = str_replace ("'' "," '", $ str );
$ Str = str_replace ("css", "'", $ str );
$ Str = str_replace ("CSS", "'", $ str );
Return $ str;
}