- <?php
- if (!get_magic_quotes_gpc()) {
- add_slashes($_GET);
- add_slashes($_POST);
- add_slashes($_COOKIE);
- }
- function add_slashes($string) {
- if (is_array($string)) {
- foreach ($string as $key => $value) {
- $string[$key] = add_slashes($value);
- }
- } else {
- $string = addslashes($string);
- }
- return $string;
- }
- //php防注入函数,字符过滤函数
- //解码
- function htmldecode($str)
- {
- if(empty($str)) return;
- if($str=="") return $str;
- $str=str_replace("select","select",$str);
- $str=str_replace("join","join",$str);
- $str=str_replace("union","union",$str);
- $str=str_replace("where","where",$str);
- $str=str_replace("insert","insert",$str);
- $str=str_replace("delete","delete",$str);
- $str=str_replace("update","update",$str);
- $str=str_replace("like","like",$str);
- $str=str_replace("drop","drop",$str);
- $str=str_replace("create","create",$str);
- $str=str_replace("modify","modify",$str);
- $str=str_replace("rename","rename",$str);
- $str=str_replace("alter","alter",$str);
- $str=str_replace("cas","cast",$str);
- $str=str_replace("&","&",$str);
- $str=str_replace(">",">",$str);
- $str=str_replace("<","<",$str);
- $str=str_replace(" ",chr(32),$str);
- $str=str_replace(" ",chr(9),$str);
- // $str=str_replace(" ",chr(9),$str);
- $str=str_replace("&",chr(34),$str);
- $str=str_replace("'",chr(39),$str);
- $str=str_replace("<br />",chr(13),$str);
- $str=str_replace("''","'",$str);
- return $str;
- }
- //编码
- function htmlencode($str)
- {
- if(empty($str)) return;
- if($str=="") return $str;
- $str=trim($str);
- $str=str_replace("&","&",$str);
- $str=str_replace(">",">",$str);
- $str=str_replace("<","<",$str);
- $str=str_replace(chr(32)," ",$str);
- $str=str_replace(chr(9)," ",$str);
- // $str=str_replace(chr(9)," ",$str);
- $str=str_replace(chr(34),"&",$str);
- $str=str_replace(chr(39),"'",$str);
- $str=str_replace(chr(13),"<br />",$str);
- $str=str_replace("'","''",$str);
- $str=str_replace("select","select",$str);
- $str=str_replace("join","join",$str);
- $str=str_replace("union","union",$str);
- $str=str_replace("where","where",$str);
- $str=str_replace("insert","insert",$str);
- $str=str_replace("delete","delete",$str);
- $str=str_replace("update","update",$str);
- $str=str_replace("like","like",$str);
- $str=str_replace("drop","drop",$str);
- $str=str_replace("create","create",$str);
- $str=str_replace("modify","modify",$str);
- $str=str_replace("rename","rename",$str);
- $str=str_replace("alter","alter",$str);
- $str=str_replace("cast","cas",$str);
- return $str;
- }
- ?>
代码来源于网络,喜欢的朋友可以直接拿去学习。
未经过测试,请自行验证代码的正确性。