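/**
 * Pre-filter one login form field before it is used in a query.
 *
 * Blacklist filtering carried over from the original: the value is
 * slash-escaped (when magic_quotes_gpc is off or absent), length-limited via
 * LenLimit(), stripped of spaces and of hex escapes via cleanHex(), and then
 * rejected if it still contains any of  = ' \ * #.
 * Because addslashes() runs first, a quote in the input becomes "\'" and the
 * value is rejected by the backslash check as well.
 *
 * Fix over the original: strpos() was tested for truthiness, so a forbidden
 * character at offset 0 (e.g. "=abc") returned 0, read as "not found", and the
 * value was ACCEPTED. strpbrk() === false is used instead, which covers
 * offset 0.
 *
 * This filter is not a substitute for parameterised queries: whatever builds
 * SQL from the field should still use prepared statements.
 *
 * @param string $post raw form field value
 * @return bool true if the filtered value is acceptable, false otherwise
 */
function login_check($post) {
    // Arrays/objects cannot be meaningfully filtered (and would make
    // addslashes() fail on PHP 8); treat them as rejected input.
    if (is_array($post) || is_object($post)) {
        return false;
    }
    $post = (string) $post;

    // Maximum field length. NOTE(review): the original comment said 20
    // characters while the code uses 30 -- confirm which limit is intended.
    $MaxSlen = 30;

    // get_magic_quotes_gpc() is deprecated in PHP 7.4 and removed in 8.0.
    // When the function is absent, magic quotes are certainly off, so the
    // submitted data is slash-escaped here as in the original.
    $magicQuotesOn = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    if (!$magicQuotesOn) {
        $post = addslashes($post);
    }

    $post = LenLimit($post, $MaxSlen);
    // Remove every space (str_replace), then any remaining runs of spaces.
    $post = preg_replace("/ +/", "", trim(str_replace(" ", "", $post)));
    $post = cleanHex($post);

    // Reject if any forbidden character remains anywhere in the string,
    // including at offset 0 (the original strpos()-truthiness check missed it).
    return strpbrk($post, "='\\*#") === false;
}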
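<?php
// session_start() must run before any output: it sends the session cookie
// header, and the original ordering (after <head>/<body> were printed) fails
// with "headers already sent" unless output buffering happens to be enabled.
session_start();

/**
 * Strip backslash hex escapes (\x41, \X4f, ...) from $input.
 *
 * The original pattern "![\\][xX]([A-Fa-f0-9]{1,3})!" reaches PCRE, after PHP
 * double-quote unescaping, as the character class [\][xX] -- i.e. one of
 * ']', '[', 'x', 'X' -- followed by hex digits. It never matched a backslash
 * and instead mangled ordinary text (e.g. "example" -> "emple"). This version
 * matches a literal backslash followed by x/X and 1-3 hex digits, as the
 * function name and the caller's comment intend; the 1-3 digit width is kept
 * from the original.
 *
 * @param string $input
 * @return string $input with hex escape sequences removed
 */
function cleanHex($input) {
    $clean = preg_replace('!\\\\[xX]([A-Fa-f0-9]{1,3})!', '', $input);
    return $clean;
}

$name = null;
if (isset($_POST['submit']) && $_POST['submit'] === "go") {
    // CSRF token check. The original compared with "==" and without isset():
    // on a fresh session with no token stored and a form that sent none,
    // null == null passed the check. Require both values to be present
    // strings and compare them in constant time.
    $postedToken = isset($_POST['token']) ? $_POST['token'] : null;
    $sessionToken = isset($_SESSION['token']) ? $_SESSION['token'] : null;
    if (is_string($postedToken) && is_string($sessionToken)
        && hash_equals($sessionToken, $postedToken)) {
        // strip_tags on the raw field; a non-string (e.g. name[]=...) is
        // treated as empty rather than passed to strip_tags().
        $rawName = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
        $name = strip_tags($rawName);
        // Byte-wise truncation as in the original; on a gb2312 page this can
        // split a multibyte character -- mb_strcut() would be safer if mbstring
        // is available.
        $name = substr($name, 0, 40);
        // Clean out any potential hexadecimal escape sequences.
        $name = cleanHex($name);
        // continue processing.... (escape $name with htmlspecialchars() on
        // output and use prepared statements if it reaches a database)
    } else {
        // Token missing or mismatched: possible remote form posting attempt.
        // The submission is not processed; the page falls through to render
        // the form again with a fresh token, as the original did.
    }
}

// Fresh token for the next form render. md5(uniqid(rand(), true)) is not
// cryptographically random; use random_bytes() where available (PHP >= 7)
// and keep the old construction only as a fallback for older interpreters.
if (function_exists('random_bytes')) {
    $token = bin2hex(random_bytes(16));
} else {
    $token = md5(uniqid(mt_rand(), true));
}
$_SESSION['token'] = $token;

// NOTE(review): the <form action="..."> below echoes $_SERVER['PHP_SELF']
// unescaped. PHP_SELF reflects the request path and is a classic reflected-XSS
// vector; it should be output as
// htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'GB2312'). The rest of the
// form tag is outside this listing, so it is left unchanged here.
?>
<head> <meta http-equiv="Content-Type" content="text/html; charset=gb2312" /> <title>代码安全</title> </head>
<body>
<form action="<?php echo $_SERVER['PHP_SELF'];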