不多bb直接贴代码,你另起一份php文件复制进去然后引入就能用了。

这是开发小页面用的,如果你觉得代码耦合度太高不易于维护可以自行修改一下。

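/**
 * Recursively trims and un-escapes (stripslashes) every string in a request array.
 *
 * Intended for installations where PHP still applies magic quotes to GPC data
 * (the ini option was removed in PHP 5.4); on later versions the guard below is
 * false and the function is simply never called. Note that it also trim()s each
 * string, so surrounding whitespace is lost as a side effect.
 *
 * @param array $array  request data such as $_GET or $_POST
 * @return array        same structure, keys preserved, strings = stripslashes(trim(...)),
 *                      nested arrays processed recursively, other scalars untouched
 */
if (!function_exists('stripslashesRecursive')) {
    function stripslashesRecursive(array $array)
    {
        foreach ($array as $key => $value) {
            if (is_string($value)) {
                $array[$key] = stripslashes(trim($value));
            } elseif (is_array($value)) {
                $array[$key] = stripslashesRecursive($value);
            }
        }
        return $array;
    }
}

// The declaration is hoisted out of the ini check so the function exists (and is
// testable) regardless of runtime configuration; PHP only registers a function
// declared inside an if-block when that branch actually executes.
if (ini_get('magic_quotes_gpc')) {
    if ($_GET) $_GET = stripslashesRecursive($_GET);
    if ($_POST) $_POST = stripslashesRecursive($_POST);
}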
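/**
 * Recursively removes a fixed blacklist of characters and SQL/JS keywords from
 * every string value in $array (nested arrays are processed too; non-string
 * scalars are returned unchanged; keys are preserved).
 *
 * This is a single-pass blacklist filter applied in the order listed below. It
 * is NOT a substitute for prepared statements with bound parameters on the SQL
 * side or context-specific escaping (e.g. htmlspecialchars) on the output side;
 * treat it at most as an extra layer. It also damages legitimate input, because
 * substrings are removed wherever they occur: "Selected items: Pinto" becomes
 * "ed items: P" ("select" and "into" are stripped).
 *
 * The rendered original contained three str_replace calls whose search and
 * replacement strings were identical ('"', '<', '>' mapped to themselves —
 * possibly HTML entities lost in rendering); they were no-ops and are omitted.
 *
 * @param array $array  request data such as $_GET or $_POST
 * @return array        the same structure with every string filtered
 */
function array_safe_replace(array $array) {
   // Literal substrings removed first, in this order. str_replace with an array
   // of needles performs the replacements sequentially, left to right, which is
   // exactly what the original chain of single calls did. The keyword entries
   // here are case-sensitive; the case-insensitive pass follows.
   static $literals = [
      '%20', '%27', '%2527', '*', "'", '"', ';', '{', '}', '\\',
      'script', 'insert', 'update', 'delete', 'select', 'drop', 'eval',
   ];

   // Case-insensitive patterns, applied sequentially in this order.
   static $patterns = [
      // SQL keywords and statement shapes ("caipiao_" is presumably a
      // project-specific table prefix — TODO confirm)
      '/insert/i',
      '/update/i',
      '/delete/i',
      '/select/i',
      '/drop/i',
      '/load_file/i',
      '/outfile/i',
      '/into/i',
      '/exec/i',
      '/caipiao_/i',
      '/union/i',
      '/(add|change)\s+column/i',
      '/(select|update|delete)\s+\S*\s+from/i',
      '/insert\s+into/i',
      '/show\s+(databases|tables|index|columns)/i',
      '/alter\s+(database|table)/i',
      // JS: the greedy ".*" removes everything from the first "(" after the
      // keyword up to the LAST ")" in the value, not just the call.
      '/(eval|alert|prompt|msgbox)\s*\(.*\)/i',
      '/script/i',
      '/\w+\s*=\s*("|\')?(java|vb)script:\S*("|\')?/i',
   ];

   foreach ($array as $key => $value) {
      if (is_array($value)) {
         $array[$key] = array_safe_replace($value);
      } elseif (is_string($value)) {
         $filtered = preg_replace($patterns, '', str_replace($literals, '', $value));
         // preg_replace returns null on a PCRE error (e.g. the backtrack limit on
         // a long value). The original chain then ended up with '' or null in the
         // array; fail closed with an empty string so the value type stays string.
         if ($filtered === null) {
            $filtered = '';
         }
         $array[$key] = $filtered;
      }
   }
   return $array;
}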

// Replace the request superglobals with their filtered copies. Only $_GET and
// $_POST are rewritten here; $_REQUEST (populated by PHP before this file runs)
// and $_COOKIE still hold the original values.
$_GET = $_GET ? array_safe_replace($_GET) : $_GET;
$_POST = $_POST ? array_safe_replace($_POST) : $_POST;