
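<?php // Plug-ins 64a & 64b: Sanitize String & MySQL Sanitize String

/*
 * Plug-in description:
 * These two functions aim to keep unwanted MySQL commands, HTML markup and
 * JavaScript out of a string before it is shown on a web page or placed in
 * a MySQL string literal.
 *
 * Both take one argument:
 *    $string  The string to sanitize.
 *
 * Scope of the protection (read before reusing):
 *  - PIPHP_SanitizeString() is output encoding for HTML element content and
 *    quoted attribute values only. It is not sufficient for JavaScript, URL
 *    or CSS contexts, which need their own encoding.
 *  - PIPHP_MySQLSanitizeString() escapes a value for use inside a quoted
 *    SQL string literal only. It does not protect unquoted values,
 *    identifiers or LIKE wildcards. Prepared statements with bound
 *    parameters are the preferred defence against SQL injection.
 */

// This is an executable example with additional code supplied
// To obtain just the plug-ins please click on the Download link

$string = "& This is an 'example' string to be <b>sanitized</b><script>alert('warning');</script>";

// The demo output is encoded with htmlspecialchars() and wrapped in <pre>.
// The original relied on the obsolete <xmp> element, which a value
// containing "</xmp>" would close early.
echo "PIPHP_SanitizeString()<pre>";
echo "Before: " . htmlspecialchars($string, ENT_QUOTES, 'UTF-8') . "\n";
echo "After:  " . htmlspecialchars(PIPHP_SanitizeString($string), ENT_QUOTES, 'UTF-8');
echo "</pre>";

// Demo credentials. In a real deployment use a dedicated account with only
// the privileges the application needs (not root) and keep the password out
// of the source tree.
$dbhost = 'localhost'; // Normally no need to change this
$dbname = 'piphp';     // Change to your database name
$dbuser = 'root';      // Change to your database user name
$dbpass = 'xiaonan';   // Change to your database password

// The legacy mysql_* extension was removed in PHP 7.0, so the demo connects
// through mysqli. As in the original, no database is selected here.
$dberror = null;
try {
    $dblink = mysqli_connect($dbhost, $dbuser, $dbpass);
    if (!$dblink) {
        $dberror = mysqli_connect_error();
    }
} catch (Exception $e) {
    // PHP 8.1+ reports connection failures as exceptions by default.
    $dblink  = false;
    $dberror = $e->getMessage();
}

if (!$dblink) {
    // Log the detail server-side; do not send driver error text to the client.
    error_log('PIPHP demo: MySQL connection failed: ' . $dberror);
    die('Could not connect to the database.');
}

// mysqli_real_escape_string() escapes according to the connection character
// set, so set it explicitly before any escaping is done.
mysqli_set_charset($dblink, 'utf8mb4');

echo "PIPHP_MySQLSanitizeString()<pre>";
echo "Before: " . htmlspecialchars($string, ENT_QUOTES, 'UTF-8') . "\n";
echo "After:  " . htmlspecialchars(PIPHP_MySQLSanitizeString($string, $dblink), ENT_QUOTES, 'UTF-8');
echo "</pre>";

/**
 * Plug-in 64a: Sanitize String
 *
 * Removes HTML/PHP tags from a string and converts the remaining special
 * characters to HTML entities.
 *
 * Notes:
 *  - strip_tags() removes the tags but keeps the text between them, and it
 *    does not validate HTML: a stray "<" can cause more text to be dropped
 *    than expected.
 *  - ENT_QUOTES is passed explicitly so single quotes are encoded too. PHP
 *    versions before 8.1 left them untouched by default, which is unsafe
 *    inside single-quoted attribute values.
 *  - With these flags htmlentities() returns an empty string when the input
 *    is not valid UTF-8.
 *
 * @param string $string The string to sanitize
 * @return string The tag-free, entity-encoded string
 */
function PIPHP_SanitizeString($string)
{
    $string = strip_tags($string);
    return htmlentities($string, ENT_QUOTES, 'UTF-8');
}

/**
 * Plug-in 64b: MySQL Sanitize String
 *
 * Applies PIPHP_SanitizeString() and then escapes the result for use inside
 * a quoted MySQL string literal. Only call this once a connection to MySQL
 * has been opened.
 *
 * Notes:
 *  - The returned value is already HTML-entity encoded. Encoding it again
 *    when it is later printed will double-encode it.
 *  - The magic-quotes branch strips slashes from whatever string is passed
 *    in, so on a PHP build where magic quotes are on, only pass values that
 *    came from GET/POST/COOKIE data.
 *
 * @param string      $string The string to sanitize
 * @param mysqli|null $link   Open mysqli connection. When omitted, the legacy
 *                            mysql_real_escape_string() is used if this PHP
 *                            build still provides it.
 * @return string The sanitized and SQL-escaped string
 * @throws RuntimeException When no usable connection/escaping API is available
 */
function PIPHP_MySQLSanitizeString($string, $link = null)
{
    // get_magic_quotes_gpc() was removed in PHP 8.0; only consult it where it
    // still exists.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $string = stripslashes($string);
    }

    $string = PIPHP_SanitizeString($string);

    if ($link instanceof mysqli) {
        return mysqli_real_escape_string($link, $string);
    }

    // Backward compatibility for callers that still run on the legacy
    // extension and rely on its implicit "last opened" connection.
    if (function_exists('mysql_real_escape_string')) {
        return mysql_real_escape_string($string);
    }

    throw new RuntimeException(
        'PIPHP_MySQLSanitizeString() requires an open mysqli connection as its second argument'
    );
}
?>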