[{"data":1,"prerenderedAt":57},["ShallowReactive",2],{"article-12":3},{"code":4,"msg":5,"data":6,"count":14},200,"查询成功",{"id":7,"title":8,"keywords":9,"description":10,"category_id":11,"content":12,"body_html":13,"thumb_up":14,"clicks":15,"sort":14,"remark":16,"status":17,"is_open":17,"is_deleted":14,"is_top":14,"is_recommend":14,"create_time":18,"update_time":19,"image_id":20,"url":13,"member_id":14,"cate_name":21,"prev":22,"next":25,"tags":28,"words":31,"read_time":11,"comments":14,"cover":32,"relevant":33},12,"PHP防止sql注入，XSS攻击简单方法","sql注入,XSS攻击","实际项目部署到公网上，为防止恶意的操作，后端对数据已进行一系列的验证，有效的提高网站安全性。",2,"实际项目部署到公网上，为防止恶意的操作，后端对数据已进行一系列的验证，有效的提高网站安全性。\n\nsql注入，xss攻击常见的攻击防止，本文章介绍防止sql注入，xss攻击，废话不多说，直接上代码\n\n（代码尽供参考，各有各的想法）\n\n```php\n\u002F**\n * [actionClean xss攻击]\n * @Author   My\n * @DateTime 2018-09-19T10:47:15+0800\n * @param    [type]                   $str [description]\n * @return   [type]                        [description]\n *\u002F\npublic function clearXSS($str){\n    $str = trim($str);\n    $str = strip_tags($str);\u002F\u002F剥去字符串中的 HTML、XML 以及 PHP 的标签。\n    $str = stripslashes($str);\u002F\u002F由 addslashes() 函数添加的反斜杠。\n    $str = addslashes($str);\u002F\u002F在预定义字符之前添加反斜杠的字符串。\n    $str = rawurldecode($str);\u002F\u002F对已编码的 URL 字符串进行解码\n    $str = quotemeta($str);\u002F\u002F在预定义字符前添加反斜杠：\n    $str = htmlspecialchars($str);\u002F\u002F预定义的字符 \"\u003C\" （小于）和 \">\" （大于）转换为 HTML 实体：\n    \n    return $str;\n}\n```\n\n```php\n\u002F**\n * [clearFilterWords 清除sql关键字 特殊字符等]\n * @Author   My\n * @DateTime 2018-09-19T12:15:37+0800\n * @param    [type]                   $str [description]\n * @return   [type]                        [description]\n *\u002F\npublic function clearFilterWords($str){\n    $farr = array(\n      \"\u002F\u003C(\\\\\u002F?)(script|i?frame|style|html|body|title|link|meta|object|\\\\?|\\\\%)([^>]*?)>\u002FisU\",\n      \"\u002F(\u003C[^>]*)on[a-zA-Z]+\\s*=([^>]*>)\u002FisU\",\n      \"\u002Fselect|insert|update|delete|drop|\\'|\\\u002F\\*|\\*|\\+|\\-|\\\"|\\.\\.\\\u002F|\\.\\\u002F|union|into|load_file|outfile|dump\u002Fis\",\n      \"\u002F\\\u002F|\\~|\\!|\\@|\\#|\\\\$|\\%|\\^|\\&|\\*|\\(|\\)|\\_|\\+|\\{|\\}|\\:|\\\u003C|\\>|\\?|\\[|\\]|\\,|\\.|\\\u002F|\\;|\\'|\\`|\\-|\\=|\\\\\\|\\|\u002F\",\n      \"\u002F\\s\u002F\",\n    );\n    $str = preg_replace($farr, '', $str);\u002F\u002F去除特殊字符\n    $str = $this->clearXSS($str);\n    return $str;\n}\n```\n调用方法：\n\n```php\n\u002F**\n * [checkXSSSqlInject 防止注入 xss攻击调用方法]\n * @Author   My\n * @DateTime 2018-09-19T12:15:05+0800\n * @param    [type]                   $params [description]\n * @return   [type]                           [description]\n *\u002F\npublic function checkXSSSqlInject(&$params){\n    if(is_array($params)){\n      foreach($params as $k => $v){\n        $params[$k] = $this->clearFilterWords($v);\n      }\n    }else{\n      $params = $this->clearFilterWords($params);\n    }\n    return $params;\n}\n\u002F\u002F调用\n$this->checkXSSSqlInject($params);\n```\n \n",null,0,549,"",1,"2019-01-17 22:21:20","2026-04-19 10:49:51",125,"PHP",{"id":23,"title":24},11,"《MongoDB权威指南》之MongoDB初探",{"id":26,"title":27},13,"Win系统下配置PHP链接Oracle",[29],{"id":30,"name":21},25,1065,"https:\u002F\u002Ftp.myong.top\u002Fstorage\u002Farticle\u002Fde\u002Fe160ee009b815eba64cecaaccf60f8.jpg",[34,39,44,49,52],{"id":35,"title":36,"create_time":37,"description":38},93,"PHP执行Python脚本解压，压缩文件夹操作","2020-08-06 14:59:05","PHP是有解压缩类文件的，但在实际项目中，用户方使用Python脚本压缩，很容易出现中文解压乱码，导致文件内容丢失的情况，本文主要介绍PHP执行Python脚本解压缩出现的问题以及解决方法",{"id":40,"title":41,"create_time":42,"description":43},92,"PHP对图片的处理","2020-07-30 15:53:38","图片处理函数功能：缩放、剪切、相框、水印、锐化、旋转、翻转、透明度、反色处理并保存历史记录的思路：当有图片有改动时自动生成一张新图片",{"id":45,"title":46,"create_time":47,"description":48},96,"PHP中字符串跟0做比较永远是true","2021-02-04 16:16:27","最近在项目中做数据对比的功能，发现一个特殊的情况，0跟任何字符串做比较永远返回true，特意了解了一下。",{"id":26,"title":27,"create_time":50,"description":51},"2019-01-17 22:23:36","该文章内容主要介绍window系统下，php连接oracle的配置。",{"id":53,"title":54,"create_time":55,"description":56},103,"面向对象三大特性五大原则 + 低耦合高内聚[转载]","2021-10-31 23:18:58","面向对象的三大特性是\"封装、\"多态\"、\"继承\"，五大原则是\"单一职责原则\"、\"开放封闭原则\"、\"里氏替换原则\"、\"依赖倒置原则\"、\"接口分离原则\"。",1783431672341]