function fn_safe($str_string) {
//直接剔除
$_arr_dangerChars = array(
"|", ";", "$", "@", "+", "\t", "\r", "\n", ",", "(", ")", PHP_EOL //特殊字符
);
//正則剔除
$_arr_dangerRegs = array(
/* -------- 跨站 --------*/
//html 標簽
"/<(script|frame|iframe|bgsound|link|object|applet|embed|blink|style|layer|ilayer|base|meta)\s+\S*>/i",
//html 屬性
"/on(afterprint|beforeprint|beforeunload|error|haschange|load|message|offline|online|pagehide|pageshow|popstate|redo|resize|storage|undo|unload|blur|change|contextmenu|focus|formchange|forminput|input|invalid|reset|select|submit|keydown|keypress|keyup|click|dblclick|drag|dragend|dragenter|dragleave|dragover|dragstart|drop|mousedown|mousemove|mouseout|mouseover|mouseup|mousewheel|scroll|abort|canplay|canplaythrough|durationchange|emptied|ended|error|loadeddata|loadedmetadata|loadstart|pause|play|playing|progress|ratechange|readystatechange|seeked|seeking|stalled|suspend|timeupdate|volumechange|waiting)\s*=\s*(\"|')?\S*(\"|')?/i",
//html 屬性包含腳本
"/\w+\s*=\s*(\"|')?(java|vb)script:\S*(\"|')?/i",
//js 對象
"/(document|location)\s*\.\s*\S*/i",
//js 函數(shù)
"/(eval|alert|prompt|msgbox)\s*\(.*\)/i",
//css
"/expression\s*:\s*\S*/i",
/* -------- sql 注入 --------*/
//顯示 數(shù)據(jù)庫 | 表 | 索引 | 字段
"/show\s+(databases|tables|index|columns)/i",
//創(chuàng)建 數(shù)據(jù)庫 | 表 | 索引 | 視圖 | 存儲過程 | 存儲過程
"/create\s+(database|table|(unique\s+)?index|view|procedure|proc)/i",
//更新 數(shù)據(jù)庫 | 表
"/alter\s+(database|table)/i",
//丟棄 數(shù)據(jù)庫 | 表 | 索引 | 視圖 | 字段
"/drop\s+(database|table|index|view|column)/i",
//備份 數(shù)據(jù)庫 | 日志
"/backup\s+(database|log)/i",
//初始化 表
"/truncate\s+table/i",
//替換 視圖
"/replace\s+view/i",
//創(chuàng)建 | 更改 字段
"/(add|change)\s+column/i",
//選擇 | 更新 | 刪除 記錄
"/(select|update|delete)\s+\S*\s+from/i",
//插入 記錄 | 選擇到文件
"/insert\s+into/i",
//sql 函數(shù)
"/load_file\s*\(.*\)/i",
//sql 其他
"/(outfile|infile)\s+(\"|')?\S*(\"|')/i",
);
$_str_return = $str_string;
//$_str_return = urlencode($_str_return);
foreach ($_arr_dangerChars as $_key=>$_value) {
$_str_return = str_ireplace($_value, "", $_str_return);
}
foreach ($_arr_dangerRegs as $_key=>$_value) {
$_str_return = preg_replace($_value, "", $_str_return);
}
$_str_return = htmlentities($_str_return, ENT_QUOTES, "UTF-8", true);
return $_str_return;
}
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Guide: Stellar Blade Save File Location/Save File Lost/Not Saving
4 weeks ago
By DDD
Oguri Cap Build Guide | A Pretty Derby Musume
2 weeks ago
By Jack chen
Agnes Tachyon Build Guide | A Pretty Derby Musume
2 weeks ago
By Jack chen
Dune: Awakening - Advanced Planetologist Quest Walkthrough
4 weeks ago
By Jack chen
Date Everything: Dirk And Harper Relationship Guide
4 weeks ago
By Jack chen
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
