

How to prevent XSS and SQL injection attacks

小新
2020-12-21 17:48:52
Column: Cloud computing


General approach to preventing XSS and SQL injection attacks:

The PHP code below is often circulated as a "universal filter against SQL injection and XSS". Read it for what it actually does: it neutralises every <...> in a piece of user-supplied HTML, restores only the tags whose name is on an allowlist, and blanks out event-handler and script-related keywords inside those tags. That makes it a rich-text sanitiser for stored HTML, not a SQL injection defence: nothing in it looks at quotes or SQL syntax, and the only reliable protection against SQL injection is to send user input as bound parameters of a prepared statement rather than concatenating it into the query. For plain-text fields, context-aware output encoding with htmlspecialchars() is simpler and safer than a keyword denylist, which can miss obfuscated payloads and also mangles legitimate content (the keyword pass replaces any occurrence of "style" or "class" inside a tag with ".", so href="/style/guide" becomes href="/./guide" and every class attribute is destroyed). If rich HTML must be accepted, a real HTML sanitiser that parses the markup is the better tool. The filter follows:

// Tag-allowlist filter for user-supplied rich HTML. Every tag is first
// neutralised (< and > entity-encoded); tags whose name is in $allowtags are
// then restored with event-handler and script keywords replaced by '.'.
// The entity strings (&lt; &gt; &amp; &quot;) had been decoded by the page
// extraction and are restored here; without them the final str_replace()
// would never find the neutralised tags and nothing would be restored.
function string_remove_xss($html) {
    preg_match_all("/\<([^\<]+)\>/is", $html, $ms);
    // Steps 1 and 2 of the final str_replace(): neutralise all angle brackets.
    $searchs[] = '<';
    $replaces[] = '&lt;';
    $searchs[] = '>';
    $replaces[] = '&gt;';
    if ($ms[1]) {
        $allowtags = 'img|a|font|div|table|tbody|caption|tr|td|th|br|p|b|strong|i|u|em|span|ol|ul|li|blockquote';
        $ms[1] = array_unique($ms[1]);
        foreach ($ms[1] as $value) {
            // Search for the neutralised form of this exact tag so it can be restored.
            $searchs[] = "&lt;" . $value . "&gt;";
            // Protect an existing &amp; (e.g. in a query string) from double-encoding.
            $value = str_replace('&amp;', '_uch_tmp_str_', $value);
            $value = string_htmlspecialchars($value);
            $value = str_replace('_uch_tmp_str_', '&amp;', $value);
            // Break backslash escapes and CSS comment openers.
            $value = str_replace(array('\\', '/*'), array('.', '/.'), $value);
            // Keyword denylist: every occurrence inside the tag becomes '.'.
            // 'behavior' (the IE CSS property spelling) is added next to the
            // original 'behaviour' entry, which would not have matched it.
            $skipkeys = array('onabort','onactivate','onafterprint','onafterupdate','onbeforeactivate','onbeforecopy','onbeforecut','onbeforedeactivate',
                'onbeforeeditfocus','onbeforepaste','onbeforeprint','onbeforeunload','onbeforeupdate','onblur','onbounce','oncellchange','onchange',
                'onclick','oncontextmenu','oncontrolselect','oncopy','oncut','ondataavailable','ondatasetchanged','ondatasetcomplete','ondblclick',
                'ondeactivate','ondrag','ondragend','ondragenter','ondragleave','ondragover','ondragstart','ondrop','onerror','onerrorupdate',
                'onfilterchange','onfinish','onfocus','onfocusin','onfocusout','onhelp','onkeydown','onkeypress','onkeyup','onlayoutcomplete',
                'onload','onlosecapture','onmousedown','onmouseenter','onmouseleave','onmousemove','onmouseout','onmouseover','onmouseup','onmousewheel',
                'onmove','onmoveend','onmovestart','onpaste','onpropertychange','onreadystatechange','onreset','onresize','onresizeend','onresizestart',
                'onrowenter','onrowexit','onrowsdelete','onrowsinserted','onscroll','onselect','onselectionchange','onselectstart','onstart','onstop',
                'onsubmit','onunload','javascript','script','eval','behaviour','behavior','expression','style','class');
            $skipstr = implode('|', $skipkeys);
            $value = preg_replace(array("/($skipstr)/i"), '.', $value);
            // Drop the tag entirely unless it is an allowed (opening or closing) tag.
            if (!preg_match("/^[\/|\s]?($allowtags)(\s+|$)/is", $value)) {
                $value = '';
            }
            // Restore quotes around attribute values; disallowed tags are removed.
            $replaces[] = empty($value) ? '' : "<" . str_replace('&quot;', '"', $value) . ">";
        }
    }
    // str_replace() with arrays applies the pairs in order: first all '<' and '>'
    // are encoded, then each allowed tag is put back in its cleaned form.
    $html = str_replace($searchs, $replaces, $html);
    return $html;
}

// Entity-encodes &, ", < and > for HTML output. With $flags === null it keeps
// numeric character references (&#123; / &#x00e9;) intact instead of
// double-encoding them; with explicit flags it defers to PHP's htmlspecialchars().
// Entity strings decoded by the page extraction have been restored.
function string_htmlspecialchars($string, $flags = null) {
    if (is_array($string)) {
        foreach ($string as $key => $val) {
            $string[$key] = string_htmlspecialchars($val, $flags);
        }
    } else {
        if ($flags === null) {
            $string = str_replace(array('&', '"', '<', '>'), array('&amp;', '&quot;', '&lt;', '&gt;'), $string);
            if (strpos($string, '&amp;#') !== false) {
                // Undo the encoding of '&' only where it opened a numeric character reference.
                $string = preg_replace('/&amp;((#(\d{3,5}|x[a-fA-F0-9]{4}));)/', '&\\1', $string);
            }
        } else {
            if (PHP_VERSION < '5.4.0') {
                $string = htmlspecialchars($string, $flags);
            } else {
                if (!defined('CHARSET') || (strtolower(CHARSET) == 'utf-8')) {
                    $charset = 'UTF-8';
                } else {
                    $charset = 'ISO-8859-1';
                }
                $string = htmlspecialchars($string, $flags, $charset);
            }
        }
    }
    return $string;
}
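The title promises a defence against SQL injection, but the filter above only rewrites HTML tags. The following is an added example, not code from the original post, showing the two controls that actually address the two attack classes: a PDO prepared statement for the SQL side and context-aware output encoding with htmlspecialchars() for the XSS side. It assumes PHP with the pdo_sqlite driver, uses an in-memory SQLite database, and the users table, its rows and the function names lookupUser, escapeHtml and renderProfile are constructed for illustration.

```php
<?php
// Added example: parameterised query + output encoding. Not part of the
// original filter code. Assumes pdo_sqlite; table/column/function names are
// illustrative.
declare(strict_types=1);

function lookupUser(PDO $db, string $username): array {
    // Prepared statement: the value travels separately from the SQL text, so
    // quotes or comment sequences in $username cannot change the query structure.
    $stmt = $db->prepare('SELECT id, username, bio FROM users WHERE username = :name');
    $stmt->execute([':name' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function escapeHtml(string $value): string {
    // Encoding for HTML text and double-quoted attribute contexts.
    // ENT_QUOTES also encodes single quotes; ENT_SUBSTITUTE avoids returning ''
    // on invalid UTF-8 (which would silently drop the field).
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderProfile(array $row): string {
    // Every untrusted value is encoded at the point of output; the template
    // never concatenates raw database content into markup.
    return sprintf(
        '<div class="user" data-name="%s"><p>%s</p></div>',
        escapeHtml($row['username']),
        escapeHtml($row['bio'])
    );
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, bio TEXT)');

// Constructed sample rows; the second bio carries a typical stored-XSS payload.
$ins = $db->prepare('INSERT INTO users (username, bio) VALUES (?, ?)');
$ins->execute(['alice', 'Hello & welcome']);
$ins->execute(['bob', '<img src=x onerror="alert(1)">']);

// Classic injection attempt. With string concatenation this would have become
//   ... WHERE username = '' OR '1'='1'   and returned every row.
// With binding it is compared literally against the username column.
$rows = lookupUser($db, "' OR '1'='1");
printf("injection attempt matched %d row(s)\n", count($rows));

foreach (lookupUser($db, 'bob') as $row) {
    // The payload is rendered as inert text: <img ... onerror=...> becomes
    // &lt;img src=x onerror=&quot;alert(1)&quot;&gt; inside the <p>.
    echo renderProfile($row), "\n";
}
```

The division of labour matters: the database layer is protected by binding, and the HTML layer by encoding at output time for the context the value lands in. Neither step depends on guessing which keywords an attacker might use, which is why they do not share the blind spots of the denylist in string_remove_xss(). If a field must accept rich HTML, keep the prepared statement for storage and replace the keyword filter with a parsing HTML sanitiser.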
