//== Anti-injection automatic filtering [low efficiency after activation] ==========
/*
function Inject_checks ($sql _str) {return eregi (' select|insert|update|delete| ' | /*|*|.. /|. /|union|into|load_file|outfile ', $sql _str);}
foreach ($_request as $value) {if (Inject_checks ($value)) {echo <script language=javascript>alert (' The data you submitted is illegal, Please check and resubmit! ');</script> '; exit;}}
*/
//== Anti-injection check [Inject_check ($sql_str)] ==========
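/**
 * Reject a submitted value that contains any of a fixed list of SQL keywords.
 *
 * On a match the function prints a JavaScript alert and ends the request;
 * otherwise it returns the value unchanged.
 *
 * NOTE(review): this is a keyword denylist, not an injection defence. It
 * rejects ordinary text that happens to contain a listed word (for example
 * "update" or "into") and gives no guarantee about what reaches the database.
 * Build queries with bound parameters (PDO or mysqli prepared statements) and
 * treat this check, at most, as an additional input-hygiene layer.
 *
 * @param string|array $sql_str Submitted value; arrays are checked element by element.
 * @return string|array The value, unchanged, when no listed keyword is present.
 */
function Inject_check($sql_str) {
    // Request parameters can arrive as arrays; inspect every element instead
    // of letting a non-string value skip the check.
    if (is_array($sql_str)) {
        return array_map('Inject_check', $sql_str);
    }

    // eregi() was removed in PHP 7; preg_match() with the /i flag is the
    // case-insensitive replacement. The keyword list is the one in the listing.
    $pattern = '/select|insert|update|delete|union|into|load_file|outfile/i';
    if (preg_match($pattern, (string) $sql_str)) {
        echo "<script language=javascript>alert('You submit the data illegally, please check and resubmit!');</script>";
        exit;
    }

    return $sql_str;
}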
//== Character filter [Safe_convert ($string)] ==========
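/**
 * Encode a submitted string by escaping backslashes and a few other characters.
 *
 * The string literals below were reconstructed from a listing whose HTML
 * entities, backslashes and whitespace had been altered in transit; each
 * reconstructed literal is marked and should be confirmed against the
 * original source.
 *
 * NOTE(review): get_magic_quotes_gpc() has returned false since PHP 5.4 and
 * was removed in PHP 8, so on current PHP only the else branch runs, and that
 * branch does not HTML-escape. The condition may have lost a negation in this
 * listing -- confirm. Either way, do not treat the result as safe for HTML or
 * SQL: apply htmlspecialchars() when rendering and use bound parameters when
 * querying.
 *
 * @param string $string Submitted text.
 * @return string The encoded text.
 */
function Safe_convert($string) { // words filter
    // Guard the call so the function does not raise a fatal error on PHP 8.
    $magic_quotes_on = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

    if ($magic_quotes_on) {
        // Convert special characters to HTML entities, e.g. "&" to "&amp;".
        $string = htmlspecialchars($string, ENT_QUOTES);
        // Kept from the listing; htmlspecialchars() has already encoded both
        // characters, so these two calls change nothing. Replacements
        // reconstructed as entities -- confirm.
        $string = str_replace("<", "&lt;", $string);
        $string = str_replace(">", "&gt;", $string);
        // Single backslash to its numeric entity.
        $string = str_replace("\\", '&#92;', $string);
    } else {
        // Escape quotes and backslashes with a backslash.
        $string = addslashes($string);
        // $string = stripslashes($string); // remove backslashes
        // addslashes() doubles each literal backslash; fold the pair into one
        // entity. Search string reconstructed as two backslashes -- confirm.
        $string = str_replace("\\\\", '&#92;', $string);
    }

    // $string = str_replace("\r", "<br/>", $string); // line feed
    // $string = str_replace("\n", "", $string);      // disabled in the listing
    // Tab and space handling: the width of the whitespace literals and the
    // "&nbsp;" replacement are reconstructed -- confirm.
    $string = str_replace("\t", " ", $string);
    $string = str_replace(" ", "&nbsp;", $string);
    // $string = str_replace('|', '&#124;', $string); // disabled: conflicts with the classification system
    // Undo double-encoding of the two numeric entities (search strings
    // reconstructed as "&amp;#NN;" -- confirm).
    $string = str_replace("&amp;#96;", "&#96;", $string);
    $string = str_replace("&amp;#92;", "&#92;", $string);

    return $string;
}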
//== character anti-filter [Unsafe_convert ($string)]=================================================================== ===========
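/**
 * Reverse the backslash encoding: turn the "&#92;" entity back into a backslash.
 *
 * The replacement literal was reconstructed from a garbled listing and is
 * presumed to be a single backslash -- confirm against the original source.
 * The result is raw text again, so it needs context-appropriate escaping
 * wherever it is used afterwards (HTML output, SQL, file paths).
 *
 * @param string $string Text that may contain "&#92;".
 * @return string The text with each "&#92;" replaced.
 */
function Unsafe_convert($string) { // words filter
    return str_replace("&#92;", "\\", $string);
}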
//== character filter [Filter ($string)]=============================================================================== =============
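/**
 * Reject a string that contains any entry of the $badwords list.
 *
 * filter.php is included on every call and is expected to define $badwords
 * in this function's scope. include_once would leave $badwords undefined on
 * later calls, so plain include is kept. On a match the function prints a
 * JavaScript alert and ends the request; otherwise it returns the string
 * unchanged.
 *
 * @param string $string Submitted text.
 * @return string The text, unchanged, when no listed word is present.
 */
function Filter($string) { // words filter
    include("filter.php"); // word list

    // Report a missing or malformed list explicitly rather than failing
    // inside foreach with an unrelated warning.
    if (!isset($badwords) || !is_array($badwords)) {
        trigger_error('Filter: filter.php did not define a $badwords array', E_USER_WARNING);
        return $string;
    }

    foreach ($badwords as $badword) {
        // An empty entry would match every string (or raise a warning on
        // older PHP), so skip it.
        if ($badword === '' || $badword === null) {
            continue;
        }
        // stripos() !== false instead of stristr() == true: the loose
        // comparison treats a match whose remainder is "0" as no match.
        if (stripos((string) $string, (string) $badword) !== false) {
            echo "<script language=javascript>alert('Warning: The content you submitted contains sensitive words, please change the content.');</script>";
            exit;
        }
    }

    return $string;
}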