The following code filters PHP's $_GET and $_POST request parameters.
| The code is as follows |
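/**
 * Request-parameter filtering for $_GET and $_POST.
 *
 * Every scalar value is passed through filterhtml() and then slash-escaped.
 * Treat this as defence in depth only:
 *  - addslashes() is not a reliable SQL-injection defence; queries must still
 *    use prepared statements with bound parameters.
 *  - A regex denylist cannot recognise every way markup can carry script;
 *    output must still be escaped for its context, e.g.
 *    htmlspecialchars($s, ENT_QUOTES, 'UTF-8') for HTML.
 *  - Only $_GET and $_POST are rewritten below; $_COOKIE and $_REQUEST are
 *    left untouched, and array keys are passed through unfiltered.
 */

/**
 * Filter and slash-escape one scalar value.
 *
 * The HTML filter runs before addslashes(): if the quotes were escaped first,
 * the event-handler pattern in filterhtml() could no longer see a quoted
 * attribute value and would never match.
 *
 * @param mixed $value Scalar request value.
 * @return string Filtered, slash-escaped value.
 */
function gl_escape($value)
{
    $value = (string) $value;

    // get_magic_quotes_gpc() was removed in PHP 8 and has always returned
    // false since PHP 5.4; the version guard keeps the call off modern runtimes.
    if (PHP_VERSION_ID < 50400 && get_magic_quotes_gpc()) {
        // The runtime has already slash-escaped the input; do not escape twice.
        return filterhtml($value);
    }

    return addslashes(filterhtml($value));
}

/**
 * Recursively filter every value of an array.
 *
 * @param array $array Input array, possibly nested.
 * @return array The same keys with every leaf value filtered and escaped.
 */
function add_s($array)
{
    foreach ($array as $key => $value) {
        if (is_array($value)) {
            // Arrays are passed by value, so the result has to be stored back;
            // without the assignment nested values stay unfiltered.
            $array[$key] = add_s($value);
        } else {
            $array[$key] = gl_escape($value);
        }
    }

    return $array;
}

/**
 * Filter a single request value, which may be a scalar or an array.
 *
 * @param mixed $var Request value.
 * @return mixed Filtered value; empty values are returned unchanged.
 */
function Glstr($var)
{
    if (is_array($var)) {
        return add_s($var);
    }

    if (strlen((string) $var) > 0) {
        return gl_escape($var);
    }

    return $var;
}

/**
 * Strip a fixed denylist of markup from a string and collapse whitespace.
 *
 * Removes DOCTYPE declarations, document-level tags, script/frame/style/
 * title/form elements together with their content, and quoted on* event
 * handler attributes. The patterns are re-applied until the text stops
 * changing, so that removing one match cannot leave another one behind.
 *
 * @param string $html Untrusted input.
 * @return string Filtered text; an empty string if the regex engine fails.
 */
function filterhtml($html)
{
    // The /e modifier of the original patterns is gone: it is unsupported
    // since PHP 7 and was never needed for constant replacements.
    $patterns = array(
        '/<!DOCTYPE[^>]*>/is',
        '/<\/?(?:html|body|head|link|meta|base|input)[^>]*>/is',
        '/<(script|i?frame|style|title|form)(.*?)<\/\1>/is',
        // Quoted on* event handler inside a tag; keeps the rest of the tag.
        '/(<[^>]*?\s+)on[a-z]+\s*=\s*(["\'])(.*?)\2([^>]*>)/is',
        // Collapse runs of whitespace.
        '/\s+/',
    );
    $replacements = array('', '', '', '\1\4', ' ');

    $html = (string) $html;
    do {
        $before = $html;
        $html = preg_replace($patterns, $replacements, $before);
        if ($html === null) {
            // Fail closed: on a PCRE error drop the value rather than
            // hand back unfiltered input.
            return '';
        }
    } while ($html !== $before);

    return $html;
}

// Superglobal names are case-sensitive: $_get / $_post would be ordinary,
// undefined variables and nothing would be filtered.
foreach ($_GET as $key => $value) {
    $_GET[$key] = glstr($value);
}

foreach ($_POST as $key => $value) {
    $_POST[$key] = glstr($value);
}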