Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
php防注入和XSS攻击通用过滤
<?php
//php防注入和XSS攻击通用过滤.
$_GET && SafeFilter($_GET);
$_POST && SafeFilter($_POST);
$_COOKIE && SafeFilter($_COOKIE);
function SafeFilter (&$arr)
{
if (is_array($arr))
{
foreach ($arr as $key => $value)
{
if (!is_array($value))
{
if (!get_magic_quotes_gpc()) //不对magic_quotes_gpc转义过的字符使用addslashes(),避免双重转义。
{
$value = addslashes($value); //给单引号(')、双引号(")、反斜线(\)与 NUL(NULL 字符)加上反斜线转义
}
$arr[$key] = htmlspecialchars($value,ENT_QUOTES); //&,",',> ,< 转为html实体 &amp;,&quot;&#039;,&gt;,&lt;
}
else
{
SafeFilter($arr[$key]);
}
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment