
PHP 用户输入安全过滤

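/**
 * Encode a value for display as HTML text: trim it, then apply a fixed,
 * ordered list of literal replacements.
 *
 * Replacements, applied one after another over the whole string:
 *   "&amp;" -> "&", "&nbsp;" -> " ", "'" -> "&#39;", '"' -> "&quot;",
 *   "<" -> "&lt;", ">" -> "&gt;", tab -> "&nbsp; &nbsp; ", "\r" -> removed.
 *
 * This function used to continue with preg_replace() passes intended to strip
 * <script>, <frame>/<iframe>, <style> and <link> markup. Every one of those
 * patterns begins with "<", and after the replacements above no "<" or ">"
 * is left in the string, so they could never match. They were removed; the
 * return value is the same as before for every input. The protection comes
 * from the encoding, not from tag stripping.
 *
 * Security notes for callers:
 * - This is output encoding for HTML text and quoted attribute values only.
 *   It is not a general "input filter": it gives no protection for SQL (use
 *   prepared statements), URL, JavaScript or shell contexts.
 * - A bare "&" is passed through and "&amp;" is decoded, so entities already
 *   present in the input (for example "&lt;") are emitted unchanged and the
 *   browser renders them as the character they name. The text therefore does
 *   not round-trip exactly.
 * - New code should normally encode at the point of output with
 *   htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').
 *
 * @param string $str Raw value to encode.
 * @return string Trimmed, entity-encoded value.
 */
function _safe($str){
    // Ordered search => replacement pairs. str_replace() runs them in sequence,
    // each over the result of the previous one, so the order is part of the
    // behaviour: "&amp;nbsp;" first becomes "&nbsp;" and then a plain space.
    $replacements = array(
        "&amp;"  => "&",
        "&nbsp;" => " ",
        "'"      => "&#39;",
        '"'      => "&quot;",
        "<"      => "&lt;",
        ">"      => "&gt;",
        "\t"     => "&nbsp; &nbsp; ",
        "\r"     => "",
    );

    // trim() runs before the replacements, so whitespace produced by them
    // (e.g. a leading "&nbsp;" turned into a space) is kept.
    $str = trim($str);

    return str_replace(array_keys($replacements), array_values($replacements), $str);
}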