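/**
 * Denylist filter: strips selected HTML tags, inline on* event-handler
 * attributes, SQL keywords and a few metacharacters from $str.
 *
 * $str is taken by reference, so the caller's variable is overwritten with
 * the filtered value; the same value is also returned.
 *
 * Security notes:
 * - The removal is repeated until the text stops changing. A single pass can
 *   leave a listed token behind when deleting one match joins the text on
 *   either side of it into a new match.
 * - If preg_replace() reports a PCRE error (null), the function fails closed
 *   and yields an empty string rather than passing the input through.
 * - Several alternatives ("or", "and", "=", "*", ";") carry no word boundary,
 *   so ordinary text is altered as well.
 * - A denylist is defence in depth at best. Use prepared statements for SQL
 *   and htmlspecialchars() (or the escaper that fits the output context) for
 *   HTML; do not rely on this function as the only control.
 *
 * @param string $str Text to filter; modified in place.
 * @return string The filtered text.
 */
function filterWords(&$str){
    $farr = array(
        // Opening/closing forms of the listed tags, plus <? and <% openers.
        "/<(\\/?)(script|i?frame|style|html|body|title|link|meta|object|\\?|\\%)([^>]*?)>/isU",
        // Any tag that carries an on...= attribute.
        "/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU",
        // SQL keywords, quote/comment characters and path-traversal fragments.
        "/select\b|insert\b|update\b|delete\b|drop\b|;|\"|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile|or|and|=|from|execute|count|chr|mid|master|truncate|char|declare|create|%20|dump/is"
    );

    // Every step only deletes characters, so the loop always terminates.
    do {
        $before = $str;
        $str = preg_replace($farr, '', $str);
        if ($str === null) {
            // PCRE failure: return nothing rather than unfiltered input.
            $str = '';
            break;
        }
        $str = strip_tags($str);
    } while ($str !== $before);

    return $str;
}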
/**
 * Demo: prints a sample SQL-like string, a separator line, and then the
 * result of running the sample through filterWords().
 *
 * Writes directly to output and returns nothing. filterWords() takes its
 * argument by reference, so $sample itself is overwritten by the call.
 */
function str(){
    $sample = "select * from 1=1 or 3=3 ";
    echo $sample, '<br/>过滤了相关字符<br/>';
    echo filterWords($sample);
}
// str() echoes its own output and has no return value, so $string is null
// here and print_r() contributes an empty string before the rule.
$string = str();
echo print_r($string, true), '<hr>';
借鉴的代码