php过滤xss攻击的示例:
在对应的php文件中添加以下代码:
<?phpfunction RemoveXSS($val) {
// remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed
// this prevents some character re-spacing such as
// note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs
$val = preg_replace('/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/', '', $val);
// straight replacements, the user should never need these since they're normal characters
// this prevents like
</><> $><> $><> $><> $><> ><> // ;? ><> // ><><> // @ @ ><> $><> // @ @ ><> $><> } </><><> // ><> $><> $><> $><><> $><> ><> $><> ><> $><> ><> > ><> $><> $><> $><> $><> $><> } </><> $><> } </><> $><> $>&#> ><> $><> ><> // ><> $><> } </><> } </><> } </><> ><>}</></><> </>