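This PHP snippet provides functions that filter user-supplied input as a guard against XSS and SQL injection. When values are passed via POST, call these functions to filter them before use. Keyword filtering of this kind is a supplementary layer: database queries should still use prepared statements, and output should still be escaped for the context it is written into.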
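/**
 * Strip markup and SQL-related tokens from a single input value.
 *
 * Three case-insensitive patterns are deleted from the value:
 *   1. opening/closing tags named script, frame, iframe, style, html, body,
 *      title, link, meta, object, plus "<?...>" and "<%...>" sequences;
 *   2. any tag that carries an on<name>= attribute (the whole tag is removed);
 *   3. the substrings select, insert, update, delete, union, into, load_file,
 *      outfile, dump, the single quote, the comment opener, and "../" or "./".
 *
 * NOTE(review): this is a deny-list and only a supplementary layer. Pattern 3
 * matches substrings without word boundaries, so it also deletes legitimate
 * text (apostrophes, "selection", "updated", ...). A filtered value is still
 * not safe to concatenate into SQL or to print into HTML: use prepared
 * statements for queries and context-specific escaping such as
 * htmlspecialchars() at output time.
 *
 * @param string $str the value to filter
 * @return string the filtered value; '' when the regex engine reports an error
 */
public static function filterWords($str)
{
    $farr = array(
        '/<(\/?)(script|i?frame|style|html|body|title|link|meta|object|\?|\%)([^>]*?)>/isU',
        '/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU',
        "/select|insert|update|delete|'|\/\*|\.\.\/|\.\/|union|into|load_file|outfile|dump/is",
    );

    // Repeat until nothing changes: deleting a match in one pass can join the
    // surrounding text into a new match. Every change shortens the value, so
    // the loop always terminates.
    do {
        $before = $str;
        $str = preg_replace($farr, '', $before);
    } while ($str !== null && $str !== $before);

    // preg_replace() returns null on an engine error (e.g. backtrack limit);
    // fail closed with an empty string rather than handing back null.
    return $str === null ? '' : $str;
}

/**
 * Filter a scalar or every value of an array such as $_GET or $_POST.
 *
 * Nested arrays are filtered recursively. Array keys are passed through
 * unchanged; only values are rewritten.
 *
 * @param array|string $arr the value or array of values to filter
 * @return array|string the input with every value run through filterWords()
 */
public static function filterArr($arr)
{
    if (!is_array($arr)) {
        // The scalar case filters the argument itself.
        return self::filterWords($arr);
    }

    foreach ($arr as $k => $v) {
        // Recurse so that nested inputs (e.g. field[]=...) are filtered too.
        $arr[$k] = self::filterArr($v);
    }

    return $arr;
}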