|
|
@ -5,33 +5,26 @@
|
|
|
|
foreach ($_GET as $k => $v)
|
|
|
|
foreach ($_GET as $k => $v)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
$v = htmlspecialchars($v);
|
|
|
|
$v = htmlspecialchars($v);
|
|
|
|
//echo "$v<br>";
|
|
|
|
|
|
|
|
$v = mysql_escape_string($v);
|
|
|
|
$v = mysql_escape_string($v);
|
|
|
|
//echo "$v<br>";
|
|
|
|
|
|
|
|
// $v = htmlentities($v);
|
|
|
|
// $v = htmlentities($v);
|
|
|
|
//echo "$v<br>";
|
|
|
|
|
|
|
|
// if (preg_match('/([\'"`\'])/', $v, $match))
|
|
|
|
|
|
|
|
if (preg_match('/([\"`])/', $v, $match))
|
|
|
|
if (preg_match('/([\"`])/', $v, $match))
|
|
|
|
{
|
|
|
|
{
|
|
|
|
print "sorry get has illegal char '$match[1]'";
|
|
|
|
print "sorry get has illegal char '$match[1]'";
|
|
|
|
exit;
|
|
|
|
exit;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
$$k = $v;
|
|
|
|
$_GET[$k] = $v;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
foreach ($_POST as $k => $v)
|
|
|
|
foreach ($_POST as $k => $v)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
$v = htmlspecialchars($v);
|
|
|
|
$v = htmlspecialchars($v);
|
|
|
|
//echo "$v<br>";
|
|
|
|
|
|
|
|
$v = mysql_escape_string($v);
|
|
|
|
$v = mysql_escape_string($v);
|
|
|
|
//echo "$v<br>";
|
|
|
|
|
|
|
|
// $v = htmlentities($v);
|
|
|
|
// $v = htmlentities($v);
|
|
|
|
//echo "$v<br>";
|
|
|
|
|
|
|
|
if (preg_match('/([\'"`\'])/', $v, $match)) {
|
|
|
|
if (preg_match('/([\'"`\'])/', $v, $match)) {
|
|
|
|
print "sorry post has illegal char '$match[1]'";
|
|
|
|
print "sorry post has illegal char '$match[1]'";
|
|
|
|
exit;
|
|
|
|
exit;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
$$k = $v;
|
|
|
|
$_POST[$k] = $v;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
?>
|
|
|
|
?>
|
|
|
|