Let's take a look at the code!
Code:
// NOTE(review): This listing was published whitespace-mangled and collapsed onto a few long lines
// (e.g. "$ _ GET", "! =", "If", "Empty", unbalanced parentheses in several if/while conditions),
// so it does not parse as shown. The code below is reproduced exactly as published; only these
// review notes are added.
//
// What the listing contains, as far as it is visible:
//  - top level: when get_magic_quotes_gpc() is true, $_GET and $_POST are passed through
//    stripslashes_array().
//  - stripslashes_array(&$array): walks the array with each(), applies stripslashes() to string
//    values and recurses into array values.
//  - htmlencode($str) / htmldecode($str): chains of str_replace() calls over HTML characters,
//    whitespace characters and SQL/script keywords.
//  - lib_lawless_string_filter($string, $match_type = 1): reads common_list.txt and
//    signify_list.txt with file() and returns true when exact_match() or blur_match() returns a
//    non-empty array.
//  - exact_match() / blur_match(): compare the input with the keyword lists through preg_match().
//  - lib_replace_end_tag($str): htmlspecialchars() followed by str_replace() calls.
//
// Review points:
//  1. Many str_replace() pairs are displayed with identical search and replacement text
//     ("select" -> "select", "&" -> "&"); as shown they are no-ops. Presumably the replacement
//     entities were decoded when the page was extracted -- TODO confirm against the original.
//  2. Conditions such as `$ str = ""` and `$ match_type = 1` are shown with a single `=`, and
//     `&` / `|` appear where logical operators would be expected. As displayed they assign
//     rather than compare; presumably another extraction artifact -- verify before reuse.
//  3. Replacing SQL keywords in request data is a blacklist and does not make a value safe to
//     concatenate into a query. Use prepared statements with bound parameters (PDO or mysqli)
//     for SQL, and escape for HTML at output time with htmlspecialchars($v, ENT_QUOTES, 'UTF-8').
//  4. get_magic_quotes_gpc() was deprecated in PHP 7.4 and removed in PHP 8.0 (magic quotes
//     itself was removed in PHP 5.4); each() was deprecated in PHP 7.2 and removed in PHP 8.0.
//     Neither call works on current PHP without a guard or replacement.
//  5. htmlencode(), htmldecode() and lib_replace_end_tag() bail out on empty($str); empty()
//     is also true for the string "0", so that input is dropped rather than encoded.
//  6. lib_lawless_string_filter() returns false -- described in its header as "no illegal
//     content" -- when either list file does not exist, so a missing list silently disables the
//     filter (fail-open). Logging the condition or failing closed is safer.
//  7. exact_match() and blur_match() interpolate $string and the list entries into the
//     preg_match() pattern without preg_quote(). lib_replace_end_tag() removes "/" and "\" as
//     displayed, but other regex metacharacters are still interpreted as pattern syntax. A
//     case-insensitive string comparison (strcasecmp(), stripos()) or preg_quote($value, '/')
//     avoids that. The modifier is displayed as uppercase "/I"; PHP's case-insensitive modifier
//     is lowercase "i".
//  8. $blist is appended to in exact_match() and blur_match() without being initialised first.
//  9. In lib_replace_end_tag() nothing after `return $ str;` executes; the tag list that follows
//     is inside a comment.
// Php batch filter post, get sensitive data if (get_magic_quotes_gpc () {$ _ GET = stripslashes_array ($ _ GET); $ _ POST = stripslashes_array ($ _ POST );} function stripslashes_array (& $ array) {while (list ($ key, $ var) = each ($ array) {if ($ key! = 'Argc '& $ key! = 'Argv' & (strtoupper ($ key )! = $ Key | ''. intval ($ key) = "$ key") {if (is_string ($ var) {$ array [$ key] = stripslashes ($ var );} if (is_array ($ var) {$ array [$ key] = stripslashes_array ($ var) ;}} return $ array ;}// filter function htmlencode ($ str) {if (empty ($ str) return; if ($ str = "") return $ str; $ str = trim ($ str ); $ str = str_replace ("&", "&", $ str); $ str = str_replace (">", ">", $ str ); $ str = str_replace ("<", "<", $ str); $ str = str_replace (chr (32), "", $ str); $ str = Str_replace (chr (9), "", $ str); $ str = str_replace (chr (9), "", $ str ); $ str = str_replace (chr (34), "&", $ str); $ str = str_replace (chr (39), "'", $ str ); $ str = str_replace (chr (13), "", $ str); $ str = str_replace ("'", "'' ", $ str ); $ str = str_replace ("select", "select", $ str); $ str = str_replace ("SCRIPT", "SCRIPT", $ str ); $ str = str_replace ("script", "script", $ str); $ str = str_replace ("join", "join", $ str ); $ str = str_replace ("union", "union", $ str); $ Str = str_replace ("where", "where", $ str); $ str = str_replace ("insert", "insert", $ str ); $ str = str_replace ("delete", "delete", $ str); $ str = str_replace ("update", "update", $ str ); $ str = str_replace ("like", "like", $ str); $ str = str_replace ("drop", "drop", $ str ); $ str = str_replace ("create", "create", $ str); $ str = str_replace ("modify", "modify", $ str ); $ str = str_replace ("rename", "rename", $ str); $ str = str_replace ("alter", "alter", $ str); $ st R = str_replace ("cast", "cas", $ str); return $ str;} // decode function htmldecode ($ str) {if (empty ($ str )) return; if ($ str = "") return $ str; $ str = str_replace ("select", "select", $ str ); $ str = str_replace ("join", 
"join", $ str); $ str = str_replace ("union", "union", $ str ); $ str = str_replace ("where", "where", $ str); $ str = str_replace ("insert", "insert", $ str ); $ str = str_replace ("delete", "delete", $ str); $ str = str_replace ("update", "update", $ st R); $ str = str_replace ("like", "like", $ str); $ str = str_replace ("drop", "drop", $ str ); $ str = str_replace ("create", "create", $ str); $ str = str_replace ("modify", "modify", $ str ); $ str = str_replace ("rename", "rename", $ str); $ str = str_replace ("alter", "alter", $ str ); $ str = str_replace ("cas", "cast", $ str); $ str = str_replace ("&", "&", $ str ); $ str = str_replace (">", ">", $ str); $ str = str_replace ("<", "<", $ str ); $ str = str_replace ("", chr (32), $ st R); $ str = str_replace ("", chr (9), $ str); $ str = str_replace ("", chr (9), $ str ); $ str = str_replace ("&", chr (34), $ str); $ str = str_replace ("'", chr (39), $ str ); $ str = str_replace ("", chr (13), $ str); $ str = str_replace ("'' "," '", $ str); return $ str ;} // function: string_filter ($ string, $ match_type = 1) // function: filter illegal content // parameter: // $ string the string to be checked // $ match_type matches the type, 1 indicates exact match, 2 indicates fuzzy match, and the default value is 1. // return: if any illegal content exists, True is returned. If no illegal content exists, False is returned. 
// Other: the list of invalid keywords is saved in the txt file, which is divided into common non- List of legal and severe illegal keywords // Author: heiyeluren // time: 2006-1-18 // ======================================== ======================================================== function lib_lawless_string_filter ($ string, $ match_type = 1) {// the string is null and returns invalid $ string = trim ($ string); if (empty ($ string) {return false ;} // obtain the list of important keywords and common keywords $ common_file = "common_list.txt"; // list of common filter keywords $ signify_file = "signify_list.txt "; // list of important filter keywords // If any list file does not exist, false is returned directly; otherwise, the list of two files is read to two numbers. If (! File_exists ($ common_file) |! File_exists ($ signify_file) {return false;} $ common_list = file ($ common_file); $ signify_list = file ($ signify_file ); // exact match if ($ match_type = 1) {$ is_lawless = exact_match ($ string, $ common_list);} // fuzzy match if ($ match_type = 2) {$ is_lawless = blur_match ($ string, $ common_list, $ signify_list);} // checks whether data exists in the search result array. If yes, the proof is invalid if (is_array ($ is_lawless )&&! Empty ($ is_lawless) {return true;} else {return false ;}// --------------------- // exact match for the filter service // --------------------- function exact_match ($ string, $ common_list) {$ string = trim ($ string); $ string = lib_replace_end_tag ($ string); // retrieve the regular filter keyword list foreach ($ common_list as $ block) {$ block = trim ($ block); if (preg_match ("/^ $ string $/I", $ block) {$ blist [] = $ block ;}} // determine whether there is any filtered content in the array if (! 
Empty ($ blist) {return array_unique ($ blist);} return false;} // -------------------- // fuzzy match for filtering service // ------------------------ function blur_match ($ string, $ common_list, $ signify_list) {$ string = trim ($ string); $ s_len = strlen ($ string); $ string = lib_replace_end_tag ($ string ); // retrieve the list of common filter keywords foreach ($ common_list as $ block) {$ block = trim ($ block); if (preg_match ("/^ $ string $/I ", $ block) {$ blist [] = $ block ;}// search for severe Filtering Key word list foreach ($ signify_list as $ block) {$ block = trim ($ block); if ($ s_len> = strlen ($ block) & preg_match ("/$ block/I", $ string) {$ blist [] = $ block ;}// you can check whether any filtered content is in the array. if (! Empty ($ blist) {return array_unique ($ blist);} return false;} // ------------------------ // Replace the HTML tail tag, for the filtering service // -------------------------- function lib_replace_end_tag ($ str) {if (empty ($ str) return false; $ str = htmlspecialchars ($ str ); $ str = str_replace ('/', "", $ str); $ str = str_replace ("\", "", $ str ); $ str = str_replace (">", "", $ str); $ str = str_replace ("<", "", $ str); $ str = str_replace ("", "", $ str); $ str = str_replace ("", "", $ str); $ str = str_replace ("select", "select", $ str ); $ str = str_replace ("join", "join", $ str); $ str = str_replace ("union", "union", $ str ); $ str = str_replace ("where", "where", $ str); $ str = str_replace ("insert", "insert", $ str ); $ str = str_replace ("delete", "delete", $ str); $ str = str_replace ("update", "update", $ str ); $ str = str_replace ("like", "like", $ str); $ str = str_replace ("drop", "drop", $ str ); $ str = str_replace ("create", "create", $ str); $ str = str_replace ("modify", "modify", $ str ); $ str = str_replace ("rename", "rename", $ str); $ str = str_replace ("alter", "alter", $ str ); $ str = str_replace ("cas", "cast", $ str); $ str = str_replace ("&", "&", $ str ); $ str = 
str_replace (">", ">", $ str); $ str = str_replace ("<", "<", $ str ); $ str = str_replace ("", chr (32), $ str); $ str = str_replace ("", chr (9), $ str ); $ str = str_replace ("", chr (9), $ str); $ str = str_replace ("&", chr (34), $ str ); $ str = str_replace ("'", chr (39), $ str); $ str = str_replace ("", chr (13), $ str ); $ str = str_replace ("'' "," '", $ str); $ str = str_replace (" css ","' ", $ str ); $ str = str_replace ("CSS", "'", $ str); return $ str; // HTML tag, can be used as extension filters/* $ tags = array ("/html", "/head", "/body", "/div", "/span ", "/DOCTYPE", "/title", "/link", "/meta", "/style", "/p", "/h1,", "/h2, ","/h3, ","/h4, ","/h5, ","/h6 ","/strong ","/em ","/abbr ", "/acronym", "/address", "/bdo", "/blockquote", "/cite", "/q", "/code", "/ins ", "/del", "/dfn", "/kbd", "/pre", "/samp", "/var", "/br", "/", "/img", "/area", "/map", "/object", "/param", "/ul", "/ol", "/li ", "/dl", "/dt", "/dd", "/table", "/tr", "/td", "/th", "/tbody ", "/thead", "/tfoot", "/col", "/colgroup", "/caption", "/form", "/input", "/textarea ", "/select", "/option", "/optgroup", "/button", "/label", "/fieldset", "/legend", "/script ", "/noscript", "/B", "/I", "/tt", "/sub", "/sup", "/big", "/small ", "/hr ");*/}
Code:
Usage looks like this:
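// Escape the POST field for HTML output. ENT_QUOTES also encodes single quotes (the default
// flags did not before PHP 8.1), and the explicit charset keeps the result independent of the
// PHP version and the default_charset setting (assumes the page is served as UTF-8 -- adjust
// if not). A missing or non-string field (e.g. xxx[]=...) is treated as an empty string.
// This is HTML escaping only; it does not make the value safe to place in an SQL statement.
$Xxx = htmlspecialchars(
    (isset($_POST['xxx']) && is_string($_POST['xxx'])) ? $_POST['xxx'] : '',
    ENT_QUOTES,
    'UTF-8'
);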
Or
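// Escape the query-string field for HTML output. ENT_QUOTES also encodes single quotes (the
// default flags did not before PHP 8.1), and the explicit charset keeps the result independent
// of the PHP version and the default_charset setting (assumes the page is served as UTF-8 --
// adjust if not). A missing or non-string field (e.g. xxx[]=...) is treated as an empty string.
// This is HTML escaping only; it does not make the value safe to place in an SQL statement.
$Xxx = htmlspecialchars(
    (isset($_GET['xxx']) && is_string($_GET['xxx'])) ? $_GET['xxx'] : '',
    ENT_QUOTES,
    'UTF-8'
);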