2006年7月 的存档
[php] <?php$str="<object onasd='asd'>"; /*过滤危险词语则*/function del_html($str){ //过滤多余回车$str=preg_replace("/\s+/", " ", $str); //过滤<script>….$str=preg_replace("/<(script.*?)>(.*?)<(\/script.*?)>/si","<\\1>\\2<\\3>",$str);$str=preg_replace("/<(script.*?)>/si","<\\1>",$str); //过滤表单$str=preg_replace("/<(\/?form.*?)>/si","",$str); //过滤object$str=preg_replace("/<(\/?objec.*?)>/si","",$str); //过滤框架$str=preg_replace("/<(i?frame.*?)>(.*?)<(\/i?frame.*?)>/si","<\\1>\\2<\\3>",$str); //过滤on触发事件(非表格标签,格式为<xxx>xxx</xxx>)$str=preg_replace("/<([^tr|^td|^table|^tbody])([^>]*?on.+?=[^>|^<]*?)>(.*?)<\/(\\1[^>]*?)>/si","<\\1\\2>\\3<\\4>",$str); //过滤on触发事件(非表格标签,格式为<xxx />)$str=preg_replace("/<([^tr|^td|^table|^tbody])([^>]*?on.+?=[^>|^<]*?) ?\/?>/si","<\\1\\2>",$str); //过滤on触发事件(表格标签)$str=preg_replace("/<([tr|td|tbody|table][^>]*)on([^>]*?)>/si","<\\1 0n\\2>",$str);return($str);} echo del_html($str);?> [/php] function badHtml($string) { $string =preg_replace("!<([/]?)(html|head|meta|form|frameset|iframe|applet|object)([^>]+)?>!si","",$string); $string =preg_replace("!<style([^>]+)?>.+?<\/style>!si","",$string); $string =preg_replace("!<([/]?)(style)([^>]+)?>!si","",$string); $string =preg_replace("!<link.+?>.+?!is","",$string); $string =preg_replace("!<script([^>]+)?>.+?<\/script>!si"," ",$string); $string =preg_replace("!<([/]?)(script)([^>]+)?>!si"," ",$string); $string =preg_replace("!javascript!i","javascript",$string); $string =preg_replace("!<title([^>]+)?>.+?<\/title>!si","",$string); [...]
Link Thumbnail 今天和同事聊天的时候发现的,很不错. 教程在: http://lab.arc90.com/2006/07/link_thumbnail.php#examples 演示在: http://lab.arc90.com/tools/linkthumb/ ]]>
注意本程序中使用的表结构为: use test; create table datetime(dtfield datetime); insert into datetime values(now()); */ ?> <? $server = mysql_connect("localhost","test","") or die("无法连接数据库服务器!"); $db = mysql_select_db("test",$server) or die("无法连接test数据库!"); $sql = "select unix_timestamp(dtfield) from datetime"; $rst = mysql_query($sql) or die("查询失败:$sql"); $row = mysql_fetch_array($rst) or die("无法取得数据!"); $datetime = $row["unix_timestamp(dtfield)"]; $now = time(); $diff = $now-$datetime; $diffhour = (int)($diff/3600); $diffminute = (int)(($diff-$diffhour*3600)/60); $diffsecond = $diff-$diffhour*3600-$diffminute*60; echo "当前时间为 : " . date("y年m月d日 h:i:s",$now) . "<br>"; echo "数据库中的时间为 : " . date("y年m月d日 h:i:s",$datetime) . "<br>"; echo "当前时间与数据库时间相差: " . $diffhour . "时" . $diffminute . "分" . $diffsecond . "秒"; mysql_close($server) or die("无法与数据库服务器断开连接!"); ?> 当然,假如服务器调用远程的数据库,你还可以将: $sql = "select unix_timestamp(dtfield) from datetime"; 该成: $sql = "select unix_timestamp(dtfield),unix_timestamp(NOW()) from datetime"; 通过NOW() 来获得mysql服务器的时间戳 ]]>
<html xmlns="[url]http://www.w3.org/1999/xhtml[/url]"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title></title><style type="text/css" >body,td,th,div,input{font-size:12px}.STYLE1 { color: #FFFFFF; font-weight: bold;}</style><script language="javascript" type="text/javascript">function hidit(){ var oMask=document.getElementById("divMask"); var oMsg=document.getElementById("divMsg"); oMask.style.display="none"; oMsg.style.display="none";}document.write ('<div id="divMask" style="display:none" onclick="return false" onselectstart="return false" ondbclick="return false"> </div><div style="display:none" id="divMsg"><form id="form1" name="form1" method="post" action=""><table width="200" border="0" cellpadding="1" cellspacing="1" bgcolor="#336699"><tr><td style=" font-weight:bold; color:#FFFFFF">提示</td></tr><tr><td><table width="99%" height="99%" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF"><tr><td><img name="v" [...]
<input type=button value="提交" onclick="window.open('http://www.gdutbbs.com')"> or <input type=button value="提交" onclick="location.replace('http://www.gdutbbs.com)') "> ]]>