If form submissions are not handled securely, the form becomes an easy way to attack the website. Here are two examples of PHP code commonly used to filter dangerous content out of form submissions. For more information, see.
Example 1
The code is as follows:
function uhtml($str)
{
    $farr = array(
        '/\s+/', // filter unnecessary spaces
        // Filter <script> and other code that may introduce malicious content
        // or maliciously change the display layout. If you do not need to
        // insert Flash, you can also add <object> to the filter.
        '/<(\/?)(script|i?frame|style|html|body|title|link|meta|\?|%)([^>]*?)>/isU',
        // Filter JavaScript on* events: removes the first on* attribute name
        // and "=" in each tag; the attribute value is left in place.
        '/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU',
    );
    $tarr = array(
        ' ',
        // The tag is kept as visible text with its angle brackets escaped.
        // If you want to remove insecure tags outright, leave this blank.
        '&lt;$1$2$3&gt;',
        '$1$2',
    );
    $str = preg_replace($farr, $tarr, $str);
    return $str;
}
Example 2
Or
The code is as follows:
// Get POST (or GET) data
function PostGet($str, $post = 0)
{
    // Stop if no parameter name was given
    empty($str) ? die('para is null' . $str . '!') : '';

    // get_magic_quotes_gpc() was removed in PHP 8.0, so check that it exists
    $magic = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

    if ($post) {
        if ($magic) {
            return htmlspecialchars(isset($_POST[$str]) ? $_POST[$str] : '');
        } else {
            return addslashes(htmlspecialchars(isset($_POST[$str]) ? $_POST[$str] : ''));
        }
    } else {
        if ($magic) {
            return htmlspecialchars(isset($_GET[$str]) ? $_GET[$str] : '');
        } else {
            return addslashes(htmlspecialchars(isset($_GET[$str]) ? $_GET[$str] : ''));
        }
    }
}
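
Example 2 escapes for HTML and SQL at the moment the input is read. The following added example (not code from the original page) shows the alternative of keeping the submitted value unchanged and escaping at each sink: a bound PDO parameter for SQL and htmlspecialchars() with ENT_QUOTES for HTML. The helper names, the comments table and the sample submission are constructed for illustration, and the pdo_sqlite extension is assumed to be available.

```php
<?php
// Added example, not from the original page. Helper names are hypothetical.

// Read one request field unchanged; escaping happens later, at each sink.
function input_raw(array $source, string $key): string
{
    $value = $source[$key] ?? '';
    return is_string($value) ? $value : '';   // ignore array-valued parameters
}

// HTML sink: ENT_QUOTES also escapes single quotes, which the default
// flags before PHP 8.1 did not.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// SQL sink: a bound parameter is never parsed as SQL, so no addslashes().
function save_comment(PDO $db, string $body): int
{
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $db->lastInsertId();
}

function load_comment(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Constructed sample submission standing in for $_POST.
$post = ['comment' => "Tom's <b>note</b> & more"];

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

$id     = save_comment($db, input_raw($post, 'comment'));
$stored = load_comment($db, $id);

var_dump($stored === $post['comment']);  // checks the stored text equals the input
echo h($stored), "\n";                   // encoded only when written into HTML

// For comparison, escaping at input time in the style of PostGet():
echo addslashes(htmlspecialchars($post['comment'])), "\n";
```

The last line prints what PostGet() would hand to the rest of the application: a value that already contains HTML entities, which then end up in the database and are encoded a second time if the output layer also escapes.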