dongshendi3599 2015-12-03 01:16

Replacement for strip_tags that allows <, <=, >=, > in SQL - regular expression?

I'm using wp-db.php on a non-WordPress site which allows an apply_filters function to be used. I initially did this:

function apply_filters($type, $input) {
    return strip_tags($input);
}

I want to stop html from being saved. I thought I fixed the problem but then noticed that sql queries that included things like <= weren't working.

What I want it to do is to strip tags that begin with a character e.g. <b... but if there is a space or equals sign after the bracket e.g. < or <= then it shouldn't remove it.

I found this code but it doesn't work how I want it to:

preg_replace('/<[^>]*>/', '', $input);

e.g.

<b>test</b> abc <= def < ok? ilj >= xyz >

gets returned as:

test abc = xyz >

It should only remove <x...> where x is not a space or equals sign, and remove </....>

BTW I noticed that < script> doesn't work so I think it's ok for < with a space after to stay.


  • dqnf28092 2015-12-03 08:38

    Only the first tag is valid:

    <b>1</b> <0b>2</0b> < b>3</ > <'b>4</'b> <(>5</(> <=>6</=>
    

    This non-greedy regex removes the valid and closing tags:

    /<[^(=\d' )].*?>/g

    In PHP:

    preg_replace('/<[^(=\d\' )].*?>/', '', $input);

    See https://regex101.com/

    I had those other tags due to sql like:

    col1 < 10
    col2 <10
    col3 <'2010-10-10'
    col4 <(SELECT col5...)
    col5 <=20
    
    This answer was selected by the asker as the best answer.
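
As an added example (not part of the question or the accepted answer), this PHP script runs the answer's pattern over the question's test string, the answer's SQL fragments and one constructed query with no space after `<`, then shows a hypothetical alternative: clean each value with strip_tags and leave the query text alone. The function names, the table and column names and the `?` placeholder are assumptions made for illustration.

```php
<?php
// Added example: not code from the question or the accepted answer.

// The accepted answer's pattern, applied to a whole string.
function strip_tags_keep_operators(string $input): string {
    return preg_replace('/<[^(=\d\' )].*?>/', '', $input) ?? $input;
}

// Hypothetical alternative: clean each value before it is bound to the
// query, and never pass the SQL text itself through a tag filter.
function clean_value(string $value): string {
    return strip_tags($value);
}

// Constructed samples: the question's test string, the answer's SQL
// fragments joined into one condition, and a comparison written
// without a space after "<".
$samples = [
    "<b>test</b> abc <= def < ok? ilj >= xyz >",
    "col1 < 10 AND col3 <'2010-10-10' AND col5 <=20",
    "SELECT * FROM t WHERE a <b AND c > 5",
];

foreach ($samples as $s) {
    printf("in : %s\nout: %s\n\n", $s, strip_tags_keep_operators($s));
}

// In the third sample "<b" starts with a letter, so the pattern treats
// everything up to the next ">" as a tag and removes part of the WHERE
// clause. Filtering whole queries cannot tell a comparison from a tag.

// Cleaning only the value keeps every operator in the query intact.
$note = clean_value("<b>hello</b> world");
$sql  = "SELECT * FROM t WHERE a <b AND c > 5 AND note = ?"; // "?" = bound parameter (assumed)
printf("query: %s\nparam: %s\n", $sql, $note);
```

Stripping tags on input does not replace encoding on output; values written back into a page still need htmlspecialchars at the point where they are rendered.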