Detailed description of html string filtering functions in php

A custom function

The code is as follows:

Copy code

Function StripHTML ($ string ){ $ Pattern = array ("'<script [^>] *?>. *? </Script> 'Si "," '<style [^>] *?>. *? </Style> 'Si "," '<[/!] *? [^ <>] *?> 'Si "," '([rn]) [s] +' "," '& (quot | #34);' I ", "'& (amp | #38);' I", "'& (lt | #60);' I", "'& (gt | #62 ); 'I ","' & (nbsp | #160); 'I ","' & (iexcl | #161); 'I ", "'& (cent | #162);' I", "'& (pound | #163);' I", "'& (copy | #169 ); 'I ","' & # (d +); 'e "); $ Replace = array ('','', "\ 1", ''," & "," <","> ",'', chr (161 ), chr (162), chr (163), chr (169), "chr (\ 1 )"); Return preg_replace ($ pattern, $ replace, $ str ); }

In addition to the preceding custom functions, there is also a php built-in html filter function: strip_tags (string) to filter out all html tags.

If you want to filter out all html tags except , you can write as follows:

The code is as follows:	Copy code
Strip_tags (string, " ");

To filter all html tags except <p> xxx </p> <B> </B>, you can write as follows:

The code is as follows:	Copy code
Strip_tags (string, " <p> <B> ");

Find an anti-SQL injection function on the Internet

The code is as follows:

Copy code

// Php batch filter post and get sensitive data If (get_magic_quotes_gpc ()){ $ _ GET = stripslashes_array ($ _ GET ); $ _ POST = stripslashes_array ($ _ POST ); } Function stripslashes_array (& $ array ){ While (list ($ key, $ var) = each ($ array )){ If ($ key! = 'Argc '& $ key! = 'Argv' & (strtoupper ($ key )! = $ Key | ''. intval ($ key) =" $ key ")){ If (is_string ($ var )){ $ Array [$ key] = stripslashes ($ var ); } If (is_array ($ var )){ $ Array [$ key] = stripslashes_array ($ var ); } } } Return $ array; } //-------------------------- // Replace the HTML tail tag with the filter service www.111cn.net. //-------------------------- Function lib_replace_end_tag ($ str) { If (empty ($ str) return false; $ Str = htmlspecialchars ($ str ); $ Str = str_replace ('/', "", $ str ); $ Str = str_replace ("\", "", $ str ); $ Str = str_replace ("& gt", "", $ str ); $ Str = str_replace ("& lt", "", $ str ); $ Str = str_replace ("<SCRIPT>", "", $ str ); $ Str = str_replace ("</SCRIPT>", "", $ str ); $ Str = str_replace ("<script>", "", $ str ); $ Str = str_replace ("</script>", "", $ str ); $ Str = str_replace ("select", "select", $ str ); $ Str = str_replace ("join", "join", $ str ); $ Str = str_replace ("union", "union", $ str ); $ Str = str_replace ("where", "where", $ str ); $ Str = str_replace ("insert", "insert", $ str ); $ Str = str_replace ("delete", "delete", $ str ); $ Str = str_replace ("update", "update", $ str ); $ Str = str_replace ("like", "like", $ str ); $ Str = str_replace ("drop", "drop", $ str ); $ Str = str_replace ("create", "create", $ str ); $ Str = str_replace ("modify", "modify", $ str ); $ Str = str_replace ("rename", "rename", $ str ); $ Str = str_replace ("alter", "alter", $ str ); $ Str = str_replace ("cas", "cast", $ str ); $ Str = str_replace ("&", "&", $ str ); $ Str = str_replace (">", ">", $ str ); $ Str = str_replace ("<", "<", $ str ); $ Str = str_replace ("", chr (32), $ str ); $ Str = str_replace ("", chr (9), $ str ); $ Str = str_replace ("", chr (9), $ str ); $ Str = str_replace ("&", chr (34), $ str ); $ Str = str_replace ("'", chr (39), $ str ); $ Str = str_replace ("<br/>", chr (13), $ str ); $ Str = str_replace ("'' "," '", $ str ); $ Str = str_replace ("css", "'", $ str ); $ Str = str_replace ("CSS", "'", $ str ); Return $ str; }

Usage

The code is as follows:	Copy code
The reference is like this: $ Xxx = htmlspecialchars ($ _ POST ['XXX']); Or $ Xxx = htmlspecialchars ($ _ GET ['XXX']);