Filtering dangerous code from PHP form submissions. If form handling is poorly secured, form submissions make it easy to attack the website. Below are two examples of commonly used PHP functions for filtering dangerous code out of submitted form data.
Example 1. The code is as follows:
function uhtml($str)
{
    $farr = array(
        '/\s+/', // filter unnecessary whitespace
        // Filter script and other tags that may introduce malicious content or
        // maliciously change the display layout. If you do not need to insert
        // flash, more tags can be added to this filter.
        '/<(\/?)(script|i?frame|style|html|body|title|link|meta|\?|\%)([^>]*?)>/isU',
        '/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU', // filter JavaScript on* events
    );
    $tarr = array(
        ' ', // each whitespace run becomes a single space
        // The tag is kept as text with its angle brackets escaped.
        // If you want to clear insecure tags outright, leave this blank.
        '&lt;\1\2\3&gt;',
        '\1\2', // keep the tag, drop the on* attribute
    );
    $str = preg_replace($farr, $tarr, $str);
    return $str;
}
Example 2. The code is as follows:
// Get POST or GET data
// Note: get_magic_quotes_gpc() is deprecated as of PHP 7.4 and removed in
// PHP 8.0, so this function runs only on older PHP versions.
function PostGet($str, $post = 0)
{
    empty($str) ? die('para is Null' . $str . '!') : '';
    if ($post)
    {
        if (get_magic_quotes_gpc())
        {
            return htmlspecialchars(isset($_POST[$str]) ? $_POST[$str] : '');
        }
        else
        {
            return addslashes(htmlspecialchars(isset($_POST[$str]) ? $_POST[$str] : ''));
        }
    }
    else
    {
        if (get_magic_quotes_gpc())
        {
            return htmlspecialchars(isset($_GET[$str]) ? $_GET[$str] : '');
        }
        else
        {
            return addslashes(htmlspecialchars(isset($_GET[$str]) ? $_GET[$str] : ''));
        }
    }
}
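
An added example, not part of the original article: PostGet() above escapes at input time, while this sketch keeps the submitted value unchanged, binds it through a PDO prepared statement instead of addslashes(), and applies htmlspecialchars() only when the value is written into HTML. The helper names input_string() and e(), the comments table and the sample submission are assumptions made for this illustration; it uses an in-memory SQLite database (pdo_sqlite) so it runs on its own.

```php
<?php
// Added illustration; helper names, table and sample data are hypothetical.

// Read one request parameter as a string without altering it.
// Missing keys and array values (e.g. name[]=x) yield the default.
function input_string(array $source, string $key, string $default = ''): string
{
    $value = $source[$key] ?? $default;
    return is_string($value) ? $value : $default;
}

// Encode for an HTML text or quoted-attribute context at output time.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submission standing in for $_POST.
$post = ['comment' => 'Tom\'s <b>bold</b> & "quoted" note'];

$comment = input_string($post, 'comment');

// Store the raw value with a bound parameter; no addslashes() needed,
// because the value is never spliced into the SQL text.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');
$stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
$stmt->execute([':body' => $comment]);

// Read it back and encode only when writing it into the page.
$stored = $pdo->query('SELECT body FROM comments')->fetchColumn();
echo '<p>', e($stored), "</p>\n";
```

The database keeps the original text, so the same stored value can later be encoded differently for other output contexts such as JSON or a URL.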