А есть разница (в смысле безопасности) между такой записью
// Variant 1: run the replacement over the whole $_POST array once, then read
// fields from the already-filtered copy.  Because the superglobal itself is
// overwritten, every later read of $_POST anywhere in the request sees the
// filtered values.
// str_replace() with a single string as its first argument removes only that
// exact substring, so the list written here is a placeholder for a real
// needle array; nested values (x[]=...) are presumably not descended into —
// verify if array fields are expected.  Either way this is a blacklist, not
// escaping for the output context the value ends up in.
$_POST = str_replace(' <, >, и другое ненужное', '', $_POST);
// NOTE(review): a bare `a` is an undefined constant, not the key 'a'
// (notice on PHP < 8, Error on PHP 8+); the key should be quoted.
$a=$_POST[a];
$b=$_POST;
и такой:
// Variant 2: the same replacement, applied per value at the point of use.
// The needles and the data are identical to variant 1, so what each read
// receives is the same; the difference is scope — here $_POST itself stays
// raw, and any other code reading it gets the unfiltered values.  Neither
// variant is context-correct escaping; the robust control is escaping at the
// sink (htmlspecialchars() for HTML, prepared statements for SQL).
// NOTE(review): `$_POST[a]` — unquoted key, see the note on variant 1.
$a = str_replace(' <, >, и другое ненужное', '', $_POST[a]);
$b = str_replace(' <, >, и другое ненужное', '', $_POST);
Может, заодно профильтровать уже и $_SESSION, $_COOKIE, $_SERVER и др.?
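// Prevent any possible XSS attacks via $_GET.
//
// Blacklist check on every query-string value: the request is aborted when a
// value looks like injected markup (a handful of tag names, a parenthesised
// expression, or a double quote).  This is a coarse first line of defence
// only — it does not replace escaping each value for the output context it
// is written into (htmlspecialchars() for HTML, prepared statements for SQL).
//
// Notes on the rewrite:
//  - eregi() was deprecated in PHP 5.3 and removed in PHP 7, so the original
//    no longer runs.  The patterns now go through preg_match() with the /i
//    modifier, which gives the same case-insensitive matching.
//  - In the original, the "*" in "script*", "object*", ... quantified only
//    the final letter (so "<scrip>" matched as well).  The tag names are now
//    matched literally, as the later revision of this check already does.
//  - eregi() given a nested value (?x[]=...) raised a warning and returned
//    false, so array-valued parameters were never inspected.  The recursive
//    iterator walks into nested arrays so every leaf value is checked.
$xssPatterns = array(
    '/<[^>]*script"?[^>]*>/i',
    '/<[^>]*object"?[^>]*>/i',
    '/<[^>]*iframe"?[^>]*>/i',
    '/<[^>]*applet"?[^>]*>/i',
    '/<[^>]*meta"?[^>]*>/i',
    '/<[^>]*style"?[^>]*>/i',
    '/<[^>]*form"?[^>]*>/i',
    '/\([^>]*"?[^)]*\)/i',
    '/"/',
);
$queryLeaves = new RecursiveIteratorIterator(new RecursiveArrayIterator($_GET));
foreach ($queryLeaves as $check_url) {
    foreach ($xssPatterns as $pattern) {
        if (preg_match($pattern, (string) $check_url) === 1) {
            // A 4xx status makes the rejection visible in access logs; a bare
            // die() would answer with an empty 200.
            header('HTTP/1.1 400 Bad Request');
            die();
        }
    }
}
unset($check_url, $pattern, $xssPatterns, $queryLeaves);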
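// Later revision of the $_GET blacklist guard above: frameset, onmouseover
// and img tags and the apostrophe were added to the rejected set.  Same
// caveat — a coarse first line of defence, not a substitute for escaping
// each value for its output context.
//
// Notes on the rewrite:
//  - eregi() was deprecated in PHP 5.3 and removed in PHP 7; the patterns are
//    unchanged and now go through preg_match() with the /i modifier.
//  - eregi() given a nested value (?x[]=...) raised a warning and returned
//    false, so array-valued parameters bypassed the check; the recursive
//    iterator below reaches every leaf value.
//
// NOTE(review): the REQUEST_URI value assigned next is not inspected by this
// check — the loop reuses $check_url as its target and overwrites it on the
// first $_GET entry, exactly as the original did.  Kept unchanged because
// code after this snippet may read $check_url; if the URI itself was meant
// to be screened, add it to the loop deliberately (raw URIs can legitimately
// contain "(" and "'", which these patterns reject).
$check_url = (isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : $_SERVER['SCRIPT_NAME']);
$xssPatternsV2 = array(
    '/<[^>]*script[^>]*>/i',
    '/<[^>]*object[^>]*>/i',
    '/<[^>]*iframe[^>]*>/i',
    '/<[^>]*applet[^>]*>/i',
    '/<[^>]*meta[^>]*>/i',
    '/<[^>]*style[^>]*>/i',
    '/<[^>]*form[^>]*>/i',
    '/\([^>][^)]*\)/i',
    '/<[^>]*frameset[^>]*>/i',
    '/<[^>]*onmouseover[^>]*>/i',
    '/<[^>]*img[^>]*>/i',
    '/"/',
    "/'/",
);
$queryLeavesV2 = new RecursiveIteratorIterator(new RecursiveArrayIterator($_GET));
foreach ($queryLeavesV2 as $check_url) {
    foreach ($xssPatternsV2 as $pattern) {
        if (preg_match($pattern, (string) $check_url) === 1) {
            // A 4xx status makes the rejection visible in access logs; a bare
            // die() would answer with an empty 200.
            header('HTTP/1.1 400 Bad Request');
            die();
        }
    }
}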