Simple analysis of PHP filtering HTML string to prevent SQL injection method _php technique

Bulk filter Post,get Sensitive data

Copy Code code as follows:

$_get = Stripslashes_array ($_get);
$_post = Stripslashes_array ($_post);

Data filtering function

Copy Code code as follows:

Function Stripslashes_array (& $array) {
while (the list ($key, $var) = each ($array)) {
if ($key!= ' argc ' && $key!= ' argv ' && (Strtoupper ($key)!= $key | | '. Intval ($key) = = "$key")) {
if (is_string ($var)) {
$array [$key] = stripslashes ($var);
}
if (Is_array ($var)) {
$array [$key] = Stripslashes_array ($var);
}
}
}
return $array;
}

Replace the HTML footer tag for the filter service

Copy Code code as follows:

function Lib_replace_end_tag ($STR)
{
if (empty ($STR)) return false;
$str = Htmlspecialchars ($STR);
$str = Str_replace ('/', "", $str);
$str = Str_replace ("\", "", $str);
$str = Str_replace (">", "", $str);
$str = Str_replace ("<", "", $str);
$str = Str_replace ("<SCRIPT>", "", $str);
$str = Str_replace ("</SCRIPT>", "", $str);
$str = Str_replace ("<script>", "", $str);
$str = Str_replace ("</script>", "", $str);
$str =str_replace ("Select", "select", $str);
$str =str_replace ("Join", "join", $STR);
$str =str_replace ("union", "union", $STR);
$str =str_replace ("where", "where", $str);
$str =str_replace ("Insert", "Insert", $STR);
$str =str_replace ("delete", "delete", $str);
$str =str_replace ("Update", "Update", $STR);
$str =str_replace ("like", "like", $STR);
$str =str_replace ("Drop", "drop", $str);
$str =str_replace ("Create", "create", $STR);
$str =str_replace ("Modify", "Modify", $str);
$str =str_replace ("rename", "Rename", $str);
$STR =str_replace ("Alter", "Alter", $STR);
$str =str_replace ("cas", "cast", $STR);
$str =str_replace ("&", "&", $STR);
$str =str_replace (">", ">", $str);
$str =str_replace ("<", "<", $str);
$str =str_replace ("", Chr (), $STR);
$str =str_replace ("" ", Chr (9), $STR);
$str =str_replace ("" ", Chr (9), $STR);
$str =str_replace ("&", Chr (), $STR);
$str =str_replace ("'", Chr (), $STR);
$str =str_replace ("<br/>", Chr (), $STR);
$str =str_replace ("" "," "", $str);
$str =str_replace ("CSS", "'", $str);
$str =str_replace ("CSS", "'", $str);
return $str;
}