- //判断是否是xss攻击
- function _xss_check() {
- //urldecode解码已编码的URL 字符串
- //解码 过后的url串
- $temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));
- if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {
- die('报告:xss攻击');
- }
- return true;
- }
- //该片段来自于http://www.codesnippet.cn/detail/081020136271.html
来源: http://www.codesnippet.cn/detail/081020136271.html