php 安全过滤函数代码


php 安全过滤函数代码

php 安全过滤函数代码，用于过滤用户的恶意输入。注意：下面的函数都是黑名单式替换，只能作为纵深防御中的一层——防 SQL 注入应使用预处理语句（参数化查询），防 XSS 应在输出时按上下文转义（HTML 上下文用带 ENT_QUOTES 的 htmlspecialchars），不能靠“入口统一过滤”代替。

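/**
 * Escape an untrusted string for later insertion into HTML text.
 *
 * Steps, in order:
 *  1. drop C0 control characters except TAB (0x09), LF (0x0A) and CR (0x0D);
 *  2. drop NUL, the literal text "%00" and CR;
 *  3. unless $isurl is truthy, turn a bare "&" into "&amp;" (an "&" that already
 *     starts an entity such as "&lt;" or "&#123;" is left alone);
 *  4. "<" / ">" (and the literal texts "%3C" / "%3E") become "&lt;" / "&gt;";
 *  5. '"' -> "&quot;", "'" -> "&#039;", TAB -> four "&nbsp;", two spaces -> two "&nbsp;".
 *
 * Review notes:
 *  - The listing this was taken from replaced '"' and "'" with typographic quotes
 *    (rendered on the page as “ and ‘). That transform is lossy - JSON, code or
 *    search terms submitted by a user come back with different characters - and
 *    is not a recognised HTML escape; "&quot;" / "&#039;" give the same protection
 *    in attribute context and round-trip. Changed here.
 *  - The "%3C"/"%3E" entries treat URL-encoded text as markup although the value
 *    is not URL-decoded anywhere; kept for compatibility with the original.
 *  - $isurl only skips step 3 so that query strings ("a=1&b=2") survive; "<" and
 *    ">" are still escaped, so the result is NOT a safe URL - validate scheme/host
 *    separately before using it as a link target.
 *  - Escaping at input time is a fallback only; escape again at output time.
 *
 * @param  string|null $string  raw value (typically from $_GET / $_POST)
 * @param  bool        $isurl   true to leave "&" untouched (URL query strings)
 * @return string               escaped, trimmed value ('' for null / '')
 */
function check_str($string, $isurl = false)
{
    // null and '' have nothing to escape; returning early also avoids the
    // PHP 8.1+ deprecation for passing null to preg_replace/str_replace.
    if ($string === null || $string === '') {
        return '';
    }
    // 1. C0 controls except \t \n \r (the class is written with escaped
    //    backslashes so PCRE, not the PHP string parser, interprets \xNN).
    $string = preg_replace('/[\\x00-\\x08\\x0B\\x0C\\x0E-\\x1F]/', '', $string);
    // 2. NUL (also as the literal "%00", a classic null-byte truncation trick) and CR.
    $string = str_replace(array("\0", '%00', "\r"), '', $string);
    // 3. "&" -> "&amp;" unless it already opens a named or numeric entity.
    //    Done before step 4/5 so the entities emitted there are not double-escaped.
    if (empty($isurl)) {
        $string = preg_replace("/&(?!(#[0-9]+|[a-z]+);)/si", '&amp;', $string);
    }
    // 4. angle brackets, including their URL-encoded spelling.
    $string = str_replace(array('%3C', '<'), '&lt;', $string);
    $string = str_replace(array('%3E', '>'), '&gt;', $string);
    // 5. quotes (attribute-context escapes) and whitespace runs.
    //    NOTE(review): the number of &nbsp; per TAB / double space in the original
    //    is not recoverable from the page; four and two are used here.
    $string = str_replace(
        array('"', "'", "\t", '  '),
        array('&quot;', '&#039;', '&nbsp;&nbsp;&nbsp;&nbsp;', '&nbsp;&nbsp;'),
        $string
    );
    return trim($string);
}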

下面是整理的一些过滤函数。注意：本页的代码是经 HTML 渲染后的结果，原代码中含 `<` 的字符串和正则（例如 fliter_script 里的 `<script>…</script>` 标签模式、`&lt;`/`&gt;` 等实体）在渲染时被吞掉了，页面上显示的 `/(.*?)/si`、`//iesU` 等并不是原始模式，照抄会得到不可用甚至无过滤效果的代码，请对照原始源码使用：

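/*
 * Input "security filter" helpers (blacklist style).
 *
 * Review notes that apply to the whole group:
 *  - These are free functions in the listing as published, yet fliter_escape called
 *    `self::fliter_str` and two functions carried a `public` modifier - both are
 *    fatal errors outside a class. Fixed to plain calls; names and signatures are kept
 *    (including the "fliter_" spelling) so existing callers still work.
 *  - Several string literals and regex patterns containing "<" were swallowed by the
 *    HTML rendering of the page this was taken from (they survived only as
 *    "/(.*?)/si" and "//iesU"). Where a pattern had to be reconstructed it is marked
 *    NOTE(review) below and follows the function's documented intent.
 *  - Blacklists can be bypassed and damage legitimate data; treat them as a
 *    defence-in-depth layer only. SQL must go through prepared statements and
 *    output must be escaped per context regardless of what these functions did.
 */

/**
 * Neutralise inline event handlers and strip script/iframe/object/style elements.
 *
 * The first step rewrites "on<event>" to "&#111;n<event>": an HTML parser does not
 * entity-decode attribute *names*, so the attribute no longer binds a handler. It
 * is a blacklist - onfocus, onblur, onwheel, ontoggle ... are not covered - and it
 * also rewrites ordinary words that happen to contain "on" + a listed suffix
 * ("monkey" -> "m&#111;nkey"). Any later unescaping (see str_out) undoes it.
 *
 * NOTE(review): the original listing stripped tags with patterns the page lost; one
 * of them carried the PCRE "e" modifier, which evaluates the replacement as PHP code
 * and was removed in PHP 7 (preg_replace then warns and returns NULL, i.e. the
 * function returned NULL for every input). It is not used here.
 *
 * @param  string|null $value
 * @return string|null  filtered value (null in, null out)
 */
function fliter_script($value)
{
    if ($value === null || $value === '') {
        return $value;
    }
    // "(javascript:)?" is matched but not kept in the replacement, so a
    // "javascript:onload" prefix is dropped along with the rewritten handler.
    $value = preg_replace(
        '/(javascript:)?on(click|load|key|mouse|error|abort|move|unload|change|dblclick|move|reset|resize|submit)/i',
        '&#111;n\\2',
        $value
    );
    // Whole elements with their content (case-insensitive, spanning newlines).
    $value = preg_replace('/<(script|iframe|object|style)\b.*?<\/\1\s*>/si', '', $value);
    // Left-over opening/closing tags of the same elements (e.g. "<script src=x>" with
    // no closing tag still executes in a browser).
    $value = preg_replace('/<\/?(script|iframe|object|style)\b[^>]*>/i', '', $value);
    return $value;
}

/**
 * Escape a value for HTML text / attribute context.
 *
 * ENT_QUOTES is passed explicitly: before PHP 8.1 the default flags left the
 * single quote unescaped, so a value placed inside a single-quoted attribute could
 * break out of it. ENT_SUBSTITUTE replaces invalid UTF-8 sequences with U+FFFD
 * instead of returning an empty string for the whole value. The original fallback
 * branch (`function_exists('htmlspecialchars')`) was dead code - the function has
 * been in PHP since 4.0 - and is removed.
 *
 * @param  string|null $value
 * @return string
 */
function fliter_html($value)
{
    return htmlspecialchars((string) ($value ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Remove a fixed list of SQL keywords / path fragments from a value.
 *
 * WARNING: this is not SQL-injection protection. A blacklist is bypassed by nesting
 * ("selselectect" -> "select") or by tokens it does not list, and it corrupts
 * legitimate text ("pinto" -> "p", "Delete" -> ""). Use prepared statements; keep
 * this only for compatibility with existing callers.
 *
 * Fixes versus the listing:
 *  - the original used str_replace, which is case-sensitive, so "SELECT" passed
 *    through untouched; str_ireplace is used now;
 *  - the entries for the comment opener and the traversal fragments were written
 *    as "\/\*", "\.\.\/" and "\.\/" inside double quotes - PHP keeps the
 *    backslashes there, so the literals searched for were `\/\*` etc. and a plain
 *    "/*" or "../" was never removed. They are now the intended plain strings.
 *
 * @param  string $value
 * @return string
 */
function fliter_sql($value)
{
    static $keywords = array(
        'select', 'insert', 'update', 'delete',
        "\\'",          // backslash followed by a single quote
        '/*', '../', './',
        'union', 'into', 'load_file', 'outfile',
    );
    return str_ireplace($keywords, '', (string) $value);
}

/**
 * Apply fliter_str() to a scalar or, recursively, to every leaf of an array.
 *
 * The listing only mapped one array level and called `self::fliter_str`, which is
 * a fatal error for a free function; nested arrays reached str_replace directly and
 * triggered "Array to string conversion". Recursion keeps keys and nesting intact.
 *
 * @param  string|array $value
 * @return string|array
 */
function fliter_escape($value)
{
    if (is_array($value)) {
        foreach ($value as $k => $v) {
            $value[$k] = fliter_escape($v);
        }
        return $value;
    }
    return fliter_str($value);
}

/**
 * Replace characters that are dangerous in HTML context with entities.
 *
 * Pairs are applied in order, each over the whole string, so "&" is escaped first
 * and the entities emitted later are not double-escaped. NUL, "%00" and CR are
 * removed; every space becomes "&nbsp;" (this alters layout of normal text - it is
 * the original behaviour); "%3C"/"%3E" are treated like "<"/">" even though the
 * value was never URL-decoded. The listing also carried a three-space entry after
 * the single-space one; it could never match once single spaces were rewritten and
 * is dropped (no behaviour change).
 *
 * The final regex restores numeric character references that the "&" step turned
 * into "&amp;#NNN;" / "&amp;#xHHHH;" (3-5 decimal digits or exactly 4 hex digits).
 * Inside HTML text such references decode to characters, not markup, so this is
 * safe for text nodes; in attribute values they may still spell out e.g. a
 * "javascript:" URL - validate URLs separately.
 *
 * @param  string $value
 * @return string
 */
function fliter_str($value)
{
    $search  = array("\0", '%00', "\r", '&', ' ', '"', "'", '<', '>', '%3C', '%3E');
    $replace = array('', '', '', '&amp;', '&nbsp;', '&quot;', '&#039;', '&lt;', '&gt;', '&lt;', '&gt;');
    $value = str_replace($search, $replace, (string) $value);
    return preg_replace('/&amp;((#(\d{3,5}|x[a-fA-F0-9]{4}));)/', '&\\1', $value);
}

/**
 * Reject a file name that could escape its directory; return it unchanged otherwise.
 *
 * Checked tokens: ":/" (drive / scheme separator), NUL and "..". The comparison is
 * done on a lower-cased copy as in the original (harmless - none of the tokens
 * contain letters) and the original case is returned. Not covered, and worth a
 * separate check before any filesystem call: absolute paths ("/etc/passwd"),
 * backslashes on Windows, and URL-encoded forms ("%2e%2e") - the value is
 * assumed to be already decoded.
 *
 * @param  string $fileName
 * @return string|false  the name, or false when a rejected token is present
 */
function filter_dir($fileName)
{
    $tokens = array(':/', "\0", '..');
    $lower = strtolower((string) $fileName);
    if (str_replace($tokens, '', $lower) !== $lower) {
        return false;
    }
    return $fileName;
}

/**
 * Strip shell/SQL metacharacters from a path and normalise its separators.
 *
 * Removes ' # = ` $ % & ; then collapses any run of two or more "/" or one or
 * more "\" into a single "/" and drops a trailing "/". It does NOT remove "..":
 * pair it with filter_dir() (or realpath() + prefix check) before using the
 * result on the filesystem.
 *
 * @param  string $path
 * @return string
 */
function filter_path($path)
{
    $path = str_replace(array("'", '#', '=', '`', '$', '%', '&', ';'), '', (string) $path);
    $path = preg_replace('~/{2,}|\\\\+~', '/', $path);
    return rtrim($path, '/');
}

/**
 * Neutralise PHP open/close tags so a value cannot be interpreted as code if it
 * is ever written into an included file or template.
 *
 * NOTE(review): the page lost the original search/replace pairs (an HTML parser
 * treats "<?" ... "?>" as a processing instruction). The pairs below implement the
 * documented intent; the short "<?" covers "<?php" and "<?=" as well.
 *
 * @param  string $string
 * @return string
 */
function filter_phptag($string)
{
    return str_replace(array('<?', '?>'), array('&lt;?', '?&gt;'), (string) $string);
}

/**
 * Reverse the angle-bracket escaping done by fliter_str()/check_str() and remove
 * backslashes (the original comment read "underline"; the call is stripslashes).
 *
 * The listing searched for "&lt;" and "&gt;" twice, mapping the second hit to
 * "%3C"/"%3E"; after the first pass nothing is left to match, so the two-entry
 * form below is equivalent. SECURITY: the result contains raw markup again -
 * never echo it into HTML without re-escaping; use it only where the original
 * text is needed (pre-filling an edit form, plain-text e-mail, ...).
 *
 * @param  string $value
 * @return string
 */
function str_out($value)
{
    $value = str_replace(array('&lt;', '&gt;'), array('<', '>'), (string) $value);
    return stripslashes($value);
}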

 
