2012/11/24 at 17:16 » Comments (343)

以下代码实现过滤php的$_GET 和$_POST参数 /** * 安全防范 */ function Add_S($array) { foreach($array as $key=>$value) { if(!is_array($value)) { $value = get_magic_quotes_gpc()?$value:addslashes($value); $array[$key]=filterHtml($value); } Else { Add_S($array[$key]); } } return $array; } function glstr($var) { if (is_array($var)) { return Add_S($var); } elseif(strlen($var)){ $var = get_magic_quotes_gpc()?$var:addslashes($var); $var = filterHtml($var); } return $var; } function filterHtml($html) { $farr = array( "/<!DOCTYPE([^>]*?)>/eis", "/<(\/?)(html|body|head|link|meta|base|input)([^>]*?)>/eis", "/<(script|i?frame|style|title|form)(.*?)<\/\\1>/eis", "/(<[^>]*?\s+)on[a-z]+\s*?=(\"|')([^\\2]*)\\2([^>]*?>)/isU",//过滤javascript的on事件 "/\s+/",//过滤多余的空白 ); $tarr = array( "", "", "", "\\1\\4", " ", ); $html = preg_replace( $farr,$tarr,$html); return $html; } if (sizeof($_GET)) ...more »