Php filters all malicious characters (batch filters post and get sensitive data ). Function Code: Copy the code as follows: php batch filter post, get sensitive data if (get_magic_quotes_gpc () {$ _ GETstripslashes_array ($ _ GET ); $ _ POSTstripslashes_array ($ _ POS function code:
The code is as follows:
// Php batch filter post and get sensitive data
If (get_magic_quotes_gpc ()){
$ _ GET = stripslashes_array ($ _ GET );
$ _ POST = stripslashes_array ($ _ POST );
}
Function stripslashes_array (& $ array ){
While (list ($ key, $ var) = each ($ array )){
If ($ key! = 'Argc '& $ key! = 'Argv' & (strtoupper ($ key )! = $ Key | ''. intval ($ key) =" $ key ")){
If (is_string ($ var )){
$ Array [$ key] = stripslashes ($ var );
}
If (is_array ($ var )){
$ Array [$ key] = stripslashes_array ($ var );
}
}
}
Return $ array;
}
// Filter
Function htmlencode ($ str ){
If (empty ($ str) return;
If ($ str = "") return $ str;
$ Str = trim ($ str );
$ Str = str_replace ("&", "&", $ str );
$ Str = str_replace (">", ">", $ str );
$ Str = str_replace ("<", "<", $ str );
$ Str = str_replace (chr (32), "", $ str );
$ Str = str_replace (chr (9), "", $ str );
$ Str = str_replace (chr (9), "", $ str );
$ Str = str_replace (chr (34), "&", $ str );
$ Str = str_replace (chr (39), "'", $ str );
$ Str = str_replace (chr (13 ),"
", $ Str );
$ Str = str_replace ("'", "'' ", $ str );
$ Str = str_replace ("select", "select", $ str );
$ Str = str_replace ("SCRIPT", "SCRIPT", $ str );
$ Str = str_replace ("script", "script", $ str );
$ Str = str_replace ("join", "join", $ str );
$ Str = str_replace ("union", "union", $ str );
$ Str = str_replace ("where", "where", $ str );
$ Str = str_replace ("insert", "insert", $ str );
$ Str = str_replace ("delete", "delete", $ str );
$ Str = str_replace ("update", "update", $ str );
$ Str = str_replace ("like", "like", $ str );
$ Str = str_replace ("drop", "drop", $ str );
$ Str = str_replace ("create", "create", $ str );
$ Str = str_replace ("modify", "modify", $ str );
$ Str = str_replace ("rename", "rename", $ str );
$ Str = str_replace ("alter", "alter", $ str );
$ Str = str_replace ("cast", "cas", $ str );
Return $ str;
}
// Decoding
Function htmldecode ($ str ){
If (empty ($ str) return;
If ($ str = "") return $ str;
$ Str = str_replace ("select", "select", $ str );
$ Str = str_replace ("join", "join", $ str );
$ Str = str_replace ("union", "union", $ str );
$ Str = str_replace ("where", "where", $ str );
$ Str = str_replace ("insert", "insert", $ str );
$ Str = str_replace ("delete", "delete", $ str );
$ Str = str_replace ("update", "update", $ str );
$ Str = str_replace ("like", "like", $ str );
$ Str = str_replace ("drop", "drop", $ str );
$ Str = str_replace ("create", "create", $ str );
$ Str = str_replace ("modify", "modify", $ str );
$ Str = str_replace ("rename", "rename", $ str );
$ Str = str_replace ("alter", "alter", $ str );
$ Str = str_replace ("cas", "cast", $ str );
$ Str = str_replace ("&", "&", $ str );
$ Str = str_replace (">", ">", $ str );
$ Str = str_replace ("<", "<", $ str );
$ Str = str_replace ("", chr (32), $ str );
$ Str = str_replace ("", chr (9), $ str );
$ Str = str_replace ("", chr (9), $ str );
$ Str = str_replace ("&", chr (34), $ str );
$ Str = str_replace ("'", chr (39), $ str );
$ Str = str_replace ("
", Chr (13), $ str );
$ Str = str_replace ("'' "," '", $ str );
Return $ str;
}
// Function: string_filter ($ string, $ match_type = 1)
// Function: filter illegal content
// Parameters:
// $ String to be checked
// $ Match_type: Exact match; fuzzy match; default value: 1
//
// Return: If illegal content exists, True is returned. If no illegal content exists, False is returned.
// Others: The list of illegal keywords is saved in the txt file, which is divided into two lists: common and severe illegal keywords
// Author: heiyeluren
// Time: 2006-1-18
//
// ================================================ ======================================
Function lib_lawless_string_filter ($ string, $ match_type = 1)
{
// If the string is null, the returned result is invalid.
$ String = trim ($ string );
If (empty ($ string ))
{
Return false;
}
// Obtain the list of important and common keywords
$ Common_file = "common_list.txt"; // list of common filter keywords
$ Signify_file = "signify_list.txt"; // list of important filter keywords
// If any list file does not exist, the system returns false; otherwise, the list of two files is read to two arrays.
If (! File_exists ($ common_file) |! File_exists ($ signify_file ))
{
Return false;
}
$ Common_list = file ($ common_file );
$ Signify_list = file ($ signify_file );
// Exact match
If ($ match_type = 1)
{
$ Is_lawless = exact_match ($ string, $ common_list );
}
// Fuzzy match
If ($ match_type = 2)
{
$ Is_lawless = blur_match ($ string, $ common_list, $ signify_list );
}
// Determine whether there is any data in the search result array. If yes, it turns out to be illegal.
If (is_array ($ is_lawless )&&! Empty ($ is_lawless ))
{
Return true;
}
Else
{
Return false;
}
}
//---------------------
// Exact match for the filtering service
//---------------------
Function exact_match ($ string, $ common_list)
{
$ String = trim ($ string );
$ String = lib_replace_end_tag ($ string );
// Retrieve the list of common filter keywords
Foreach ($ common_list as $ block)
{
$ Block = trim ($ block );
If (preg_match ("/^ $ string $/I", $ block ))
{
$ Blist [] = $ block;
}
}
// Determine whether the filter content is in the array
If (! Empty ($ blist ))
{
Return array_unique ($ blist );
}
Return false;
}
//----------------------
// Fuzzy match for filtering
//----------------------
Function blur_match ($ string, $ common_list, $ signify_list)
{
$ String = trim ($ string );
$ S_len = strlen ($ string );
$ String = lib_replace_end_tag ($ string );
// Retrieve the list of common filter keywords
Foreach ($ common_list as $ block)
{
$ Block = trim ($ block );
If (preg_match ("/^ $ string $/I", $ block ))
{
$ Blist [] = $ block;
}
}
// Retrieve the list of severely filtered keywords
Foreach ($ signify_list as $ block)
{
$ Block = trim ($ block );
If ($ s_len> = strlen ($ block) & preg_match ("/$ block/I", $ string ))
{
$ Blist [] = $ block;
}
}
// Determine whether the filter content is in the array
If (! Empty ($ blist ))
{
Return array_unique ($ blist );
}
Return false;
}
//--------------------------
// Replace the HTML tail tag for the filtering service
//--------------------------
Function lib_replace_end_tag ($ str)
{
If (empty ($ str) return false;
$ Str = htmlspecialchars ($ str );
$ Str = str_replace ('/', "", $ str );
$ Str = str_replace ("\", "", $ str );
$ Str = str_replace (">", "", $ str );
$ Str = str_replace ("<", "", $ str );
$ Str = str_replace ("", "", $ str );
$ Str = str_replace ("", "", $ str );
$ Str = str_replace ("select", "select", $ str );
$ Str = str_replace ("join", "join", $ str );
$ Str = str_replace ("union", "union", $ str );
$ Str = str_replace ("where", "where", $ str );
$ Str = str_replace ("insert", "insert", $ str );
$ Str = str_replace ("delete", "delete", $ str );
$ Str = str_replace ("update", "update", $ str );
$ Str = str_replace ("like", "like", $ str );
$ Str = str_replace ("drop", "drop", $ str );
$ Str = str_replace ("create", "create", $ str );
$ Str = str_replace ("modify", "modify", $ str );
$ Str = str_replace ("rename", "rename", $ str );
$ Str = str_replace ("alter", "alter", $ str );
$ Str = str_replace ("cas", "cast", $ str );
$ Str = str_replace ("&", "&", $ str );
$ Str = str_replace (">", ">", $ str );
$ Str = str_replace ("<", "<", $ str );
$ Str = str_replace ("", chr (32), $ str );
$ Str = str_replace ("", chr (9), $ str );
$ Str = str_replace ("", chr (9), $ str );
$ Str = str_replace ("&", chr (34), $ str );
$ Str = str_replace ("'", chr (39), $ str );
$ Str = str_replace ("
", Chr (13), $ str );
$ Str = str_replace ("'' "," '", $ str );
$ Str = str_replace ("css", "'", $ str );
$ Str = str_replace ("CSS", "'", $ str );
Return $ str;
// HTML tag, which can be used as extension filter
/*
$ Tags = array ("/html", "/head", "/body", "/p", "/span", "/DOCTYPE", "/title ", "/link", "/meta", "/style", "/p", "/h1,", "/h2,", "/h3 ,", "/h4,", "/h5,", "/h6", "/strong", "/em", "/abbr", "/acronym ", "/address", "/bdo", "/blockquote", "/cite", "/q", "/code", "/ins", "/del ", "/dfn", "/kbd", "/pre", "/samp", "/var", "/br", "/a", "/img ", "/area", "/map", "/object", "/param", "/ul", "/ol", "/li", "/dl ", "/dt", "/dd", "/table", "/tr", "/td", "/th", "/tbody", "/thead ", "/tfoot", "/col", "/colgroup", "/caption", "/form", "/input", "/textarea", "/select ", "/option", "/optgroup", "/button", "/label", "/fieldset", "/legend", "/script", "/noscript ", "/B", "/I", "/tt", "/sub", "/sup", "/big", "/small ", "/hr ");
*/
}
Code:
The reference is like this:
The code is as follows:
$ Xxx = htmlspecialchars ($ _ POST ['XXX']);
Or
The code is as follows:
$ Xxx = htmlspecialchars ($ _ GET ['XXX']);
The authorization code is as follows: // php batch filter post, get sensitive data if (get_magic_quotes_gpc () {$ _ GET = stripslashes_array ($ _ GET ); $ _ POST = stripslashes_array ($ _ POS...