Php: html string filter function _ PHP Tutorial

The html string filtering function in php. The custom function code is as follows: functionStripHTML ($ string) {$ patternarray (script [^] *?. *? Scriptsi, style [^] *?. *? Stylesi, [!] *? [^] *? Si, ([rn]) [s] +, (quot | #34); I. A UDF.

The code is as follows:

Function StripHTML ($ string ){ $ Pattern = array ("' ] *?>. *? Script 'Si ","' ] *?>. *?'Si "," '<[/!] *? [^ <>] *?> 'Si "," '([rn]) [s] +' "," '& (quot | #34);' I ", "'& (amp | #38);' I", "'& (lt | #60);' I", "'& (gt | #62 ); 'I ","' & (nbsp | #160); 'I ","' & (iexcl | #161); 'I ", "'& (cent | #162);' I", "'& (pound | #163);' I", "'& (copy | #169 ); 'I ","' & # (d +); 'e "); $ Replace = array ('','', "\ 1", ''," & "," <","> ",'', chr (161 ), chr (162), chr (163), chr (169), "chr (\ 1 )"); Return preg_replace ($ pattern, $ replace, $ str ); }

In addition to the preceding custom functions, there is also a php built-in html filter function: strip_tags (string) to filter out all html tags.

If you want to filter out all other html tags, you can write as follows:

The code is as follows:
Strip_tags (string ,"");

In addition

Xxx

You can write all other html tags as follows:

The code is as follows:
Strip_tags (string ," ");

Find an anti-SQL injection function on the Internet

The code is as follows:

// Php batch filter post and get sensitive data If (get_magic_quotes_gpc ()){ $ _ GET = stripslashes_array ($ _ GET ); $ _ POST = stripslashes_array ($ _ POST ); } Function stripslashes_array (& $ array ){ While (list ($ key, $ var) = each ($ array )){ If ($ key! = 'Argc '& $ key! = 'Argv' & (strtoupper ($ key )! = $ Key | ''. intval ($ key) =" $ key ")){ If (is_string ($ var )){ $ Array [$ key] = stripslashes ($ var ); } If (is_array ($ var )){ $ Array [$ key] = stripslashes_array ($ var ); } } } Return $ array; } //-------------------------- // Replace the HTML tail tag with the filter service www.111cn.net. //-------------------------- Function lib_replace_end_tag ($ str) { If (empty ($ str) return false; $ Str = htmlspecialchars ($ str ); $ Str = str_replace ('/', "", $ str ); $ Str = str_replace ("\", "", $ str ); $ Str = str_replace (">", "", $ str ); $ Str = str_replace ("<", "", $ str ); $ Str = str_replace ("SCRIPT", "", $ str ); $ Str = str_replace ("SCRIPT", "", $ str ); $ Str = str_replace ("script", "", $ str ); $ Str = str_replace ("script", "", $ str ); $ Str = str_replace ("select", "select", $ str ); $ Str = str_replace ("join", "join", $ str ); $ Str = str_replace ("union", "union", $ str ); $ Str = str_replace ("where", "where", $ str ); $ Str = str_replace ("insert", "insert", $ str ); $ Str = str_replace ("delete", "delete", $ str ); $ Str = str_replace ("update", "update", $ str ); $ Str = str_replace ("like", "like", $ str ); $ Str = str_replace ("drop", "drop", $ str ); $ Str = str_replace ("create", "create", $ str ); $ Str = str_replace ("modify", "modify", $ str ); $ Str = str_replace ("rename", "rename", $ str ); $ Str = str_replace ("alter", "alter", $ str ); $ Str = str_replace ("cas", "cast", $ str ); $ Str = str_replace ("&", "&", $ str ); $ Str = str_replace (">", ">", $ str ); $ Str = str_replace ("<", "<", $ str ); $ Str = str_replace ("", chr (32), $ str ); $ Str = str_replace ("", chr (9), $ str ); $ Str = str_replace ("", chr (9), $ str ); $ Str = str_replace ("&", chr (34), $ str ); $ Str = str_replace ("'", chr (39), $ str ); $ Str = str_replace (" ", Chr (13), $ str ); $ Str = str_replace ("'' "," '", $ str ); $ Str = str_replace ("css", "'", $ str ); $ Str = str_replace ("CSS", "'", $ str ); Return $ str; }

Usage

The code is as follows:
The reference is like this: $ Xxx = htmlspecialchars ($ _ POST ['XXX']); Or $ Xxx = htmlspecialchars ($ _ GET ['XXX']);

The signature code is as follows: function StripHTML ($ string) {$ pattern = array ('script [^] *?. *? /Script 'Si, 'style [^] *?. *? /Style 'Si, '[/!] *? [^] *? 'Si, '([rn]) [s] +', '(quot | #34);' I...