Method filters HTML Custom functions
The code is as follows |
Copy Code |
function Ihtmlspecialchars ($string) { if (Is_array ($string)) { foreach ($string as $key => $val) { $string [$key] = Ihtmlspecialchars ($val); } } else { $string = Preg_replace ('/& (d{3,5}|x[a-fa-f0-9]{4}) |[ a-za-z][a-z0-9]{2,5});)/', ' &\1 ', Str_replace (' & ', ' "', ' < ', ' > '), Array (' & ', ' " ', ' < ', ' > '), $string)); } return $string; |
Method Two
code is as follows |
copy code |
//$rptype = 0 Represents replacing HTML tags only //$rptype = 1 means replacing HTML tags at the same time removing contiguous whitespace characters //$rptype = 2 means replacing HTML tags and removing all white characters at the same time. //$rptype =-1 represents HTML-Dangerous markup function Htmlreplace ($str, $rptype =0) { $str = strips Tutorial Lashes ($STR); if ($rptype ==0) { $str = Htmlspecialchars ($STR); } Else if ($rptype ==1) { $str = Htmlspecialchars ($STR); $str = Str_replace ("", ", $str); $str = ereg_replace ("[Rnt]{1,}", "", $str); } Else if ($rptype ==2) { $str = Htmlspecialchars ($STR); $str = Str_replace ("", ", $str); $str = ereg_replace ("[Rnt]", "", $str); } Else { $str = ereg_replace ("[Rnt]{1,}", "", $str); $str = eregi_replace (' script ', ' script ', $str); $str = Eregi_replace ("<[/]{0,1} (Link|meta|ifr|fra) [^>]*>", ", $str); } Return addslashes ($STR); } |
Other methods
PHP Tutorial Filter unsafe character functions
The code is as follows |
Copy Code |
Function uh ($STR) { $farr = Array ( "/s+/",//filtering extra white space "/<" (/?) (script|i?frame|style|html|body|title|link|meta|?|%) ([^>]*?) >/isu ",//filter <script, etc. may introduce malicious content or malicious changes to display the layout of the code, if you do not need to insert flash, etc., you can also join the <object filter "/(<[^>]*) on[a-za-z]+s*= ([^>]*>)/isu",//Filter page effects on the event ); $tarr = Array ( "", "<\1\2\3>",//If you want to clear the unsafe label directly, you can leave this blank "\1\2", ); $STR = preg_replace ($farr, $tarr, $STR); return $str; |