1. The actual filter function; the regular expressions in it can be modified as appropriate.
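/**
 * Strip dangerous HTML markup from a string, in place, and return the result.
 *
 * Two regex passes remove (1) script/iframe/frame/style/html/body/title/link/
 * meta/object tags and PHP/ASP-style open tags, and (2) any tag that carries an
 * inline on*= event-handler attribute. strip_tags() then removes every
 * remaining tag; it is the real backstop, because a single-pass blacklist alone
 * can be sidestepped by markup that only forms a tag after a removal.
 *
 * Scope: this only removes tags. It does not encode quotes or other
 * metacharacters, so the result is not safe to place into an HTML attribute or
 * a SQL statement as-is. Use htmlspecialchars() when rendering and prepared
 * statements for database queries.
 *
 * NOTE(review): the pattern flags are kept as printed on the page ("isu").
 * The listing's letter case is mangled, so the original may have been "isU"
 * (ungreedy). Confirm against the original file. The set of strings matched is
 * the same either way, but "u" makes PCRE reject invalid UTF-8.
 *
 * @param string $str Value to clean; modified by reference.
 * @return string The cleaned value ('' if the regex engine reports an error).
 */
static public function filterwords(&$str)
{
    $farr = array(
        // Whole tags from the blacklist, opening or closing, plus "<?" and "<%".
        '/<(\/?)(script|i?frame|style|html|body|title|link|meta|object|\?|\%)([^>]*?)>/isu',
        // Any tag containing an inline event-handler attribute (on...=).
        '/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isu',
    );

    $cleaned = preg_replace($farr, '', $str);

    // preg_replace() returns null on a PCRE error (e.g. invalid UTF-8 under the
    // "u" flag). Fail closed with an empty string instead of handing null to
    // strip_tags(), which is deprecated on newer PHP versions.
    if ($cleaned === null) {
        $str = '';
        return $str;
    }

    $str = strip_tags($cleaned);
    return $str;
}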
2. Call this function to filter the values in the parameters
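/**
 * Recursively clean every value in a request-parameter structure, in place.
 *
 * Arrays are walked depth-first and each non-array leaf is passed to
 * self::filterwords(), which rewrites it by reference. A non-array argument is
 * cleaned directly. Array keys are left untouched by this function.
 *
 * As with self::filterwords(), this only strips markup. Values still need
 * context-specific escaping (prepared statements for SQL, output encoding for
 * HTML) where they are used.
 *
 * @param mixed $params Parameter value or (nested) array; modified by reference.
 * @param array $tmp    Unused; kept so existing callers keep working.
 * @return mixed The cleaned $params.
 */
static function Filterparams(&$params, $tmp = array())
{
    if (is_array($params)) {
        foreach ($params as $k => &$v) {
            if (is_array($v)) {
                self::filterparams($v);
            } else {
                self::filterwords($v);
            }
        }
        // Break the reference so later use of $v cannot overwrite the last element.
        unset($v);
    } else {
        self::filterwords($params);
    }

    return $params;
}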
3. Call this function to filter the keys in the parameters
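/**
 * Copy $arr into $myArr with every key passed through self::filterwords().
 *
 * Values are copied unchanged; only keys are cleaned. When $subKey is
 * non-empty, this level's entries are written under $myArr[$subKey].
 *
 * Nested arrays are written into their own slot by reference. That keeps the
 * full nesting at any depth. It also means a key that sanitizes to the empty
 * string can no longer hoist its children into the top level, where they could
 * overwrite unrelated parameters.
 *
 * NOTE(review): two different keys that sanitize to the same string still
 * collide, and the later one wins. Reject such input upstream if that matters.
 *
 * @param array  $arr    Source parameters.
 * @param string $subKey Parent key to nest under, or '' for the top level.
 * @param array  $myArr  Destination array; filled by reference.
 * @return void
 */
static function FilterKeys($arr, $subKey, &$myArr)
{
    foreach ($arr as $k => $v) {
        $filterKey = self::filterwords($k);

        // Bind the destination slot for this entry.
        if ($subKey != '') {
            $slot = &$myArr[$subKey][$filterKey];
        } else {
            $slot = &$myArr[$filterKey];
        }

        if (is_array($v)) {
            if (!is_array($slot)) {
                $slot = array();
            }
            self::filterkeys($v, '', $slot);
        } else {
            $slot = $v;
        }

        // Drop the reference before the next iteration rebinds $slot.
        unset($slot);
    }
}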
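PHP function for filtering POST and GET parameters, intended to prevent SQL injection. Note that the functions shown above only strip HTML/script markup from keys and values; they do not escape SQL, so database queries still need prepared statements.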