Backend Development
PHP Tutorial
PHP filter html string to prevent SQL injection example code_PHP tutorial
PHP filter html string to prevent SQL injection example code_PHP tutorial
php filters html strings to prevent SQL injection, uses functions to process strings that will be written to the database, and filters illegal information and malicious html codes!
Code:
//php 批量过滤post,get敏感数据
if (get_magic_quotes_gpc()) {
$_GET = stripslashes_array($_GET);
$_POST = stripslashes_array($_POST);
}
function stripslashes_array(&$array) {
while(list($key,$var) = each($array)) {
if ($key != 'argc' && $key != 'argv' && (strtoupper($key) != $key || ''.intval($key) == "$key")) {
if (is_string($var)) {
$array[$key] = stripslashes($var);
}
if (is_array($var)) {
$array[$key] = stripslashes_array($var);
}
}
}
return $array;
}
//过滤
function htmlencode($str){
if(empty($str)) return;
if($str=="") return $str;
$str=trim($str);
$str=str_replace("&","&",$str);
$str=str_replace(">",">",$str);
$str=str_replace("<","<",$str);
$str=str_replace(chr(32)," ",$str);
$str=str_replace(chr(9)," ",$str);
$str=str_replace(chr(9)," ",$str);
$str=str_replace(chr(34),"&",$str);
$str=str_replace(chr(39),"'",$str);
$str=str_replace(chr(13),"
",$str);
$str=str_replace("'","''",$str);
$str=str_replace("select","select",$str);
$str=str_replace("SCRIPT","SCRIPT",$str);
$str=str_replace("script","script",$str);
$str=str_replace("join","join",$str);
$str=str_replace("union","union",$str);
$str=str_replace("where","where",$str);
$str=str_replace("insert","insert",$str);
$str=str_replace("delete","delete",$str);
$str=str_replace("update","update",$str);
$str=str_replace("like","like",$str);
$str=str_replace("drop","drop",$str);
$str=str_replace("create","create",$str);
$str=str_replace("modify","modify",$str);
$str=str_replace("rename","rename",$str);
$str=str_replace("alter","alter",$str);
$str=str_replace("cast","cas",$str);
return $str;
}
//解码
function htmldecode($str){
if(empty($str)) return;
if($str=="") return $str;
$str=str_replace("select","select",$str);
$str=str_replace("join","join",$str);
$str=str_replace("union","union",$str);
$str=str_replace("where","where",$str);
$str=str_replace("insert","insert",$str);
$str=str_replace("delete","delete",$str);
$str=str_replace("update","update",$str);
$str=str_replace("like","like",$str);
$str=str_replace("drop","drop",$str);
$str=str_replace("create","create",$str);
$str=str_replace("modify","modify",$str);
$str=str_replace("rename","rename",$str);
$str=str_replace("alter","alter",$str);
$str=str_replace("cas","cast",$str);
$str=str_replace("&","&",$str);
$str=str_replace(">",">",$str);
$str=str_replace("<","<",$str);
$str=str_replace(" ",chr(32),$str);
$str=str_replace(" ",chr(9),$str);
$str=str_replace(" ",chr(9),$str);
$str=str_replace("&",chr(34),$str);
$str=str_replace("'",chr(39),$str);
$str=str_replace("
",chr(13),$str);
$str=str_replace("''","'",$str);
return $str;
}
// 函数:string_filter($string, $match_type=1)
// 功能:过滤非法内容
// 参数:
// $string 需要检查的字符串
// $match_type 匹配类型,1为精确匹配, 2为模糊匹配,默认为1
//
// 返回:有非法内容返回True,无非法内容返回False
// 其他:非法关键字列表保存在txt文件里, 分为普通非法关键字和严重非法关键字两个列表
// 作者:heiyeluren
// 时间:2006-1-18
//
//======================================================================
function lib_lawless_string_filter($string, $match_type=1)
{
//字符串空直接返回为非法
$string = trim($string);
if (empty($string))
{
return false;
}
//获取重要关键字列表和普通关键字列表
$common_file = "common_list.txt"; //Common filter keyword list
$signify_file = "signify_list.txt"; //Important filter keyword list
//If any list file does not exist, return false directly. Otherwise, read the two file lists into two arrays
if (!file_exists($common_file) || !file_exists($signify_file))
{
return false;
}
$common_list = file($common_file);
$signify_list = file($signify_file);
//Exact match
if ($match_type == 1)
{
$ is_lawless = exact_match($string, $common_list);
}
//Fuzzy match
if ($match_type == 2)
{
$is_lawless = blur_match($string , $common_list, $signify_list);
}
//Determine whether there is data in the search result array. If there is, it proves to be illegal
if (is_array($is_lawless) && !empty( $is_lawless))
{
return true;
}
else
{
return false;
}
}
//-- ------------------
//Exact matching, for filtering purposes
//--------------- ------
function exact_match($string, $common_list)
{
$string = trim($string);
$string = lib_replace_end_tag($string);
//Retrieve the common filter keyword list
foreach($common_list as $block)
{
$block = trim($block);
if (preg_match("/^$string$ /i", $block))
{
$blist[] = $block;
}
}
//Determine whether there is filtered content in the array
if (! empty($blist))
{
return array_unique($blist);
}
return false;
}
//----- ------------------
// Fuzzy matching, serving filtering
//----------------- -----
function blur_match($string, $common_list, $signify_list)
{
$string = trim($string);
$s_len = strlen($string);
$string = lib_replace_end_tag($string);
//Retrieve the common filter keyword list
foreach($common_list as $block)
{
$block = trim($block) ;
if (preg_match("/^$string$/i", $block))
{
$blist[] = $block;
}
}
// Retrieve severely filtered keyword list
foreach($signify_list as $block)
{
$block = trim($block);
if ($s_len>=strlen($block) && preg_match( "/$block/i", $string))
{
$blist[] = $block;
}
}
//Determine whether there is filtered content in the array
if (!empty($blist))
{
return array_unique($blist);
}
return false;
}
//- -----------------------
// Replace HTML tail tag to serve filtering
//------ ------------------
function lib_replace_end_tag($str)
{
if (empty($str)) return false;
$ str = htmlspecialchars($str);
$str = str_replace( '/', "", $str);
$str = str_replace("\", "", $str);
$ str = str_replace(">", "", $str);
$str = str_replace("<", "", $str);
$str = str_replace("<SCRIPT>", " ", $str); <br>$str = str_replace("</SCRIPT>", "", $str);
$str = str_replace("<script>", "", $str) ; <br>$str = str_replace("</script>", "", $str);
$str=str_replace("select","select",$str);
$str= str_replace("join","join",$str);
$str=str_replace("union","union",$str);
$str=str_replace("where","where", $str);
$str=str_replace("insert","insert",$str);
$str=str_replace("delete","delete",$str);
$str= str_replace("update","update",$str);
$str=str_replace("like","like",$str);
$str=str_replace("drop","drop", $str);
$str=str_replace("create","create",$str);
$str=str_replace("modify","modify",$str);
$str= str_replace("rename","rename",$str);
$str=str_replace("alter","alter",$str);
$str=str_replace("cas","cast", $str);
$str=str_replace("&","&",$str);
$str=str_replace(">",">",$str);
$ str=str_replace("<","<",$str);
$str=str_replace(" ",chr(32),$str);
$str=str_replace(" ",chr (9),$str);
$str=str_replace(" ",chr(9),$str);
$str=str_replace("&",chr(34),$str);
$str=str_replace("'",chr(39),$str);
$str=str_replace("
",chr(13),$str);
$ str=str_replace("''","'",$str);
$str=str_replace("css","'",$str);
$str=str_replace("CSS","'",$str);
return $str;
//HTML tag, can be filtered as an extension
/*
$tags = array("/html", "/head", "/body", "/div", "/span", "/DOCTYPE", "/title", "/link", "/meta", "/style", "/p", "/h1,", "/h2,", "/h3,", "/h4,", "/h5,", "/h6", "/strong", "/em", "/abbr", "/acronym", "/address", "/bdo", "/blockquote", "/cite", "/q", "/code", "/ins", "/del", "/dfn", "/kbd", "/pre", "/samp", "/var", "/br", "/a", "/img", "/area", "/map", "/object", "/param", "/ul", "/ol", "/li", "/dl", "/dt", "/dd", "/table", "/tr", "/td", "/th", "/tbody", "/thead", "/tfoot", "/col", "/colgroup", "/caption", "/form", "/input", "/textarea", "/select", "/option", "/optgroup", "/button", "/label", "/fieldset", "/legend", "/script", "/noscript", "/b", "/i", "/tt", "/sub", "/sup", "/big", "/small", "/hr" );
* /
}
Code:
The reference is directly like this:
$xxx = htmlspecialchars($_POST['xxx']);
or
$xxx = htmlspecialchars($_GET['xxx']);
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1664
14
1423
52
1318
25
1269
29
1248
24
PHP and Python: Comparing Two Popular Programming Languages
Apr 14, 2025 am 12:13 AM
PHP and Python each have their own advantages, and choose according to project requirements. 1.PHP is suitable for web development, especially for rapid development and maintenance of websites. 2. Python is suitable for data science, machine learning and artificial intelligence, with concise syntax and suitable for beginners.
PHP in Action: Real-World Examples and Applications
Apr 14, 2025 am 12:19 AM
PHP is widely used in e-commerce, content management systems and API development. 1) E-commerce: used for shopping cart function and payment processing. 2) Content management system: used for dynamic content generation and user management. 3) API development: used for RESTful API development and API security. Through performance optimization and best practices, the efficiency and maintainability of PHP applications are improved.
The Enduring Relevance of PHP: Is It Still Alive?
Apr 14, 2025 am 12:12 AM
PHP is still dynamic and still occupies an important position in the field of modern programming. 1) PHP's simplicity and powerful community support make it widely used in web development; 2) Its flexibility and stability make it outstanding in handling web forms, database operations and file processing; 3) PHP is constantly evolving and optimizing, suitable for beginners and experienced developers.
PHP and Python: Code Examples and Comparison
Apr 15, 2025 am 12:07 AM
PHP and Python have their own advantages and disadvantages, and the choice depends on project needs and personal preferences. 1.PHP is suitable for rapid development and maintenance of large-scale web applications. 2. Python dominates the field of data science and machine learning.
PHP and Python: Different Paradigms Explained
Apr 18, 2025 am 12:26 AM
PHP is mainly procedural programming, but also supports object-oriented programming (OOP); Python supports a variety of paradigms, including OOP, functional and procedural programming. PHP is suitable for web development, and Python is suitable for a variety of applications such as data analysis and machine learning.
PHP: Handling Databases and Server-Side Logic
Apr 15, 2025 am 12:15 AM
PHP uses MySQLi and PDO extensions to interact in database operations and server-side logic processing, and processes server-side logic through functions such as session management. 1) Use MySQLi or PDO to connect to the database and execute SQL queries. 2) Handle HTTP requests and user status through session management and other functions. 3) Use transactions to ensure the atomicity of database operations. 4) Prevent SQL injection, use exception handling and closing connections for debugging. 5) Optimize performance through indexing and cache, write highly readable code and perform error handling.
PHP's Purpose: Building Dynamic Websites
Apr 15, 2025 am 12:18 AM
PHP is used to build dynamic websites, and its core functions include: 1. Generate dynamic content and generate web pages in real time by connecting with the database; 2. Process user interaction and form submissions, verify inputs and respond to operations; 3. Manage sessions and user authentication to provide a personalized experience; 4. Optimize performance and follow best practices to improve website efficiency and security.
HTML: The Structure, CSS: The Style, JavaScript: The Behavior
Apr 18, 2025 am 12:09 AM
The roles of HTML, CSS and JavaScript in web development are: 1. HTML defines the web page structure, 2. CSS controls the web page style, and 3. JavaScript adds dynamic behavior. Together, they build the framework, aesthetics and interactivity of modern websites.
