Archive for July 2006
A function for filtering unsafe HTML code
Jul 25th
[php]
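<?php
$str = "<object onasd='asd'>";

/* Filter dangerous keywords */
function del_html($str) {
    // Collapse redundant line breaks and whitespace
    $str = preg_replace("/\s+/", " ", $str);
    // Filter <script>...: escape the angle brackets so the tag is displayed as text
    $str = preg_replace("/<(script.*?)>(.*?)<(\/script.*?)>/si", "&lt;\\1&gt;\\2&lt;\\3&gt;", $str);
    $str = preg_replace("/<(script.*?)>/si", "&lt;\\1&gt;", $str);
    // Filter forms
    $str = preg_replace("/<(\/?form.*?)>/si", "", $str);
    // Filter object tags
    $str = preg_replace("/<(\/?objec.*?)>/si", "", $str);
    // Filter frames
    $str = preg_replace("/<(i?frame.*?)>(.*?)<(\/i?frame.*?)>/si", "&lt;\\1&gt;\\2&lt;\\3&gt;", $str);
    // Filter on* event handlers (non-table tags, of the form <xxx>xxx</xxx>).
    // Note: [^tr|^td|^table|^tbody] is a character class, not an alternation,
    // so it tests only the first character of the tag name.
    $str = preg_replace("/<([^tr|^td|^table|^tbody])([^>]*?on.+?=[^>|^<]*?)>(.*?)<\/(\\1[^>]*?)>/si", "&lt;\\1\\2&gt;\\3&lt;\\4&gt;", $str);
    // Filter on* event handlers (non-table tags, of the form <xxx />)
    $str = preg_replace("/<([^tr|^td|^table|^tbody])([^>]*?on.+?=[^>|^<]*?) ?\/?>/si", "&lt;\\1\\2&gt;", $str);
    // Filter on* event handlers (table tags): keep the tag, rewrite "on" to "0n"
    $str = preg_replace("/<([tr|td|tbody|table][^>]*)on([^>]*?)>/si", "<\\1 0n\\2>", $str);
    return $str;
}

echo del_html($str);
?>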
[/php]
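function badHtml($string) {
    // Remove document-level and embedding tags
    $string = preg_replace("!<([/]?)(html|head|meta|form|frameset|iframe|applet|object)([^>]+)?>!si", "", $string);
    // Remove style blocks and stray style tags
    $string = preg_replace("!<style([^>]+)?>.+?<\/style>!si", "", $string);
    $string = preg_replace("!<([/]?)(style)([^>]+)?>!si", "", $string);
    $string = preg_replace("!<link.+?>.+?!is", "", $string);
    // Replace script blocks and stray script tags with a space
    $string = preg_replace("!<script([^>]+)?>.+?<\/script>!si", " ", $string);
    $string = preg_replace("!<([/]?)(script)([^>]+)?>!si", " ", $string);
    // As written, the replacement is identical to the match, so this call leaves the string unchanged
    $string = preg_replace("!javascript!i", "javascript", $string);
    // Remove title blocks and stray title tags
    $string = preg_replace("!<title([^>]+)?>.+?<\/title>!si", "", $string);
    $string = preg_replace("!<([/]?)(title)([^>]+)?>!si", "", $string);
    // As written, the replacement is identical to the match, so this call leaves the string unchanged
    $string = preg_replace("!(about|file):!i", "$1:", $string);
    // Rename document.cookie so the reference no longer resolves
    $string = preg_replace("!document\.cookie!i", "documents.cookie", $string);
    // As written, the replacement is identical to the match, so this call leaves the string unchanged
    $string = preg_replace("! on([a-z]+)([ ]*)=!is", " on$1$2=", $string);
[...]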
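Both functions above work by listing what to remove. The complementary approach keeps only tags and attributes on an allowlist and drops everything else. The following is an added example, not code from the original post; the names `clean_html`, `clean_node`, `ALLOWED_TAGS` and `ALLOWED_ATTRS` and the contents of the two lists are hypothetical.

```php
<?php
// Added example, not the original author's code. The allowed tags and
// attributes are assumptions chosen for illustration.
const ALLOWED_TAGS  = ['p', 'br', 'b', 'i', 'a', 'ul', 'li', 'table', 'tbody', 'tr', 'td'];
const ALLOWED_ATTRS = ['a' => ['href'], 'td' => ['colspan', 'rowspan']];

function clean_node(DOMNode $node): void {
    // Copy the child list first: the live list changes as nodes are removed.
    foreach (iterator_to_array($node->childNodes, false) as $child) {
        if ($child instanceof DOMText) {
            continue;                       // text is entity-escaped by saveHTML()
        }
        if (!($child instanceof DOMElement) || !in_array($child->nodeName, ALLOWED_TAGS, true)) {
            $node->removeChild($child);     // unknown tag or comment: drop with its subtree
            continue;
        }
        $allowed = ALLOWED_ATTRS[$child->nodeName] ?? [];
        foreach (iterator_to_array($child->attributes, false) as $attr) {
            // href must start with http:// or https://; every other scheme is refused.
            $bad_url = $attr->nodeName === 'href'
                && !preg_match('#^https?://#i', trim($attr->nodeValue));
            if (!in_array($attr->nodeName, $allowed, true) || $bad_url) {
                $child->removeAttributeNode($attr);
            }
        }
        clean_node($child);
    }
}

function clean_html(string $html): string {
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors(true);   // keep parser warnings out of the page
    // The XML-declaration prefix makes libxml read the input as UTF-8.
    $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $html . '</body>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) { return ''; }
    clean_node($body);
    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// First input is the test string from the post; the second is constructed.
echo clean_html("<object onasd='asd'>"), "\n";
echo clean_html('<p onclick="x()">hi <a href="javascript:x()">link</a></p>'), "\n";
```

libxml's HTML parser does not follow the HTML5 parsing rules that browsers use, so the tree it builds can differ from what a browser sees. For production use, a maintained sanitizer such as HTML Purifier is the usual choice.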
A rare find! A program for website thumbnails
Jul 19th
Link Thumbnail
I came across this today while chatting with a colleague; it's really good.
Tutorial:
http://lab.arc90.com/2006/07/link_thumbnail.php#examples
Demo:
http://lab.arc90.com/tools/linkthumb/
An example of calculating the difference between a MySQL datetime field and the current time
Jul 19th
<?php
/*
Note: the table structure used by this program is:
use test;
create table datetime(dtfield datetime);
insert into datetime values(now());
*/
?>
<?php
// The mysql_* functions used here were removed in PHP 7.0; current PHP needs mysqli or PDO instead.
$server = mysql_connect("localhost","test","") or die("无法连接数据库服务器!");
$db = mysql_select_db("test",$server) or die("无法连接test数据库!");

// Read the stored datetime as a Unix timestamp
$sql = "select unix_timestamp(dtfield) from datetime";
$rst = mysql_query($sql) or die("查询失败:$sql");
$row = mysql_fetch_array($rst) or die("无法取得数据!");
$datetime = $row["unix_timestamp(dtfield)"];

// Difference from the web server's clock, split into hours, minutes and seconds
$now = time();
$diff = $now-$datetime;
$diffhour = (int)($diff/3600);
$diffminute = (int)(($diff-$diffhour*3600)/60);
$diffsecond = $diff-$diffhour*3600-$diffminute*60;

echo "当前时间为 : " . date("y年m月d日 h:i:s",$now) . "<br>";
echo "数据库中的时间为 : " . date("y年m月d日 h:i:s",$datetime) . "<br>";
echo "当前时间与数据库时间相差: " . $diffhour . "时" . $diffminute . "分" . $diffsecond . "秒";
mysql_close($server) or die("无法与数据库服务器断开连接!");
?>
Of course, if the server queries a remote database, you can also change:
$sql = "select unix_timestamp(dtfield) from datetime";
to:
$sql = "select unix_timestamp(dtfield),unix_timestamp(NOW()) from datetime";
This uses NOW() to obtain the MySQL server's timestamp.
A confirmation window like the one in NetEase Mail
Jul 14th
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<style type="text/css" >
body,td,th,div,input{font-size:12px}
.STYLE1 { color: #FFFFFF; font-weight: bold;}
</style>
<script language="javascript" type="text/javascript">
// Hide both the page mask and the message box
function hidit(){
    var oMask=document.getElementById("divMask");
    var oMsg=document.getElementById("divMsg");
    oMask.style.display="none";
    oMsg.style.display="none";
}
document.write ('<div id="divMask" style="display:none" onclick="return false" onselectstart="return false" ondblclick="return false"> </div><div style="display:none" id="divMsg"><form id="form1" name="form1" method="post" action=""><table width="200" border="0" cellpadding="1" cellspacing="1" bgcolor="#336699"><tr><td style=" font-weight:bold; color:#FFFFFF">提示</td></tr><tr><td><table width="99%" height="99%" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF"><tr><td><img name="v" src="" [...]
How to go to another page when the "Submit" (提交) button is clicked
Jul 14th
<input type=button value="提交" onclick="window.open('http://www.gdutbbs.com')">
or
<input type=button value="提交" onclick="location.replace('http://www.gdutbbs.com')">