php Filters Hazard Codes such as html Submitted by Forms

PHP Filter Submission Form html code may contain code that can be used to introduce externally dangerous content. For example, there are times when a user submits a form that contains html content, but this may result in a disordered layout of the display page that needs to be filtered out.

Method 1:

//get post data

 function PostGet($str,$post=0)

 {

  empty($str)?die('para is null'.$str.'!'):'';

  

  if( $post ) 

  {

   if( get_magic_quotes_gpc() )

   {

    return htmlspecialchars(isset($_POST[$str])?$_POST

[$str]:'');

   }

   else

   {

    return addslashes(htmlspecialchars(isset($_POST[$str])?

$_POST[$str]:''));

   }

   

  }

  else

  {

   if( get_magic_quotes_gpc() )

   {

    return htmlspecialchars(isset($_GET[$str])?$_GET[$str]:''); 

   }

   else

   {

    return addslashes(htmlspecialchars(isset($_GET[$str])?

$_GET[$str]:'')); 

   }

  }

 }

Method 2:

function uhtml($str)     

{     

    $farr = array(     

        "/\s+/", // Filter excess blank      

         // Filter  <script> Code that may introduce malicious content or maliciously change the display layout, etc. , If you do not need to insert flash Etc , You can also join <object> Filtering of      

        "/<(\/?)(script|i?frame|style|html|body|title|link|meta|\?|\%)([^>]*?)>/isU",    

        "/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU",// Filter javascript Adj. on Events      

   );     

   $tarr = array(     

        " ",     

        " < \1\2\3 > ",// If you want to clear the unsafe labels directly, you can leave it blank here      

        "\1\2",     

   );     

  $str = preg_replace( $farr,$tarr,$str);     

   return $str;     

}  

It's a very practical method. I hope it can be helpful to everyone