/**+----------------------------------------------------------
 * The goal of this function is to be a generic function that can be used to parse almost any input and
 * render it XSS safe. For more information on actual XSS attacks, check out http:
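Client-side script injection
XSS, cross-site scripting attack (input that is passed in automatically executes malicious HTML code, for example stealing user cookies, breaking the page structure, or redirecting to other websites): filter special characters such as <, >, & and ".
SQL injection attack: solved with prepared statements.
Login SQL: select * from user where username = "{$_POST['username'] }"and password ="$_POST['pwd'] ";
Front-end form: username input
Cross-site request forgery S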