Summary of filtering special dangerous characters in PHP


Jun 13, 2016 am 09:24 AM

In general, incoming strings can be run through addslashes() once, which gets you a certain level of safety (only do this when get_magic_quotes_gpc() is false, otherwise the data is escaped twice!). Two caveats on that advice: magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc() itself in PHP 8.0, so the check below only means something on legacy installations; and addslashes() knows nothing about the database's character set or quoting rules, so it is at best a stop-gap next to prepared statements or the driver's own escaping function (mysqli_real_escape_string()).
For example:


The code is as follows:

// On PHP >= 5.4 magic quotes no longer exist and the check is always true;
// the function_exists() guard keeps this runnable on PHP 8, where
// get_magic_quotes_gpc() has been removed.
if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
    // The original called add_slashes($_GET) and discarded the return value,
    // which left the superglobals unchanged; the result has to be assigned back.
    $_GET    = add_slashes($_GET);
    $_POST   = add_slashes($_POST);
    $_COOKIE = add_slashes($_COOKIE);
}

// Apply addslashes() to a string, or recursively to every value of a (nested) array.
function add_slashes($string) {
    if (is_array($string)) {
        foreach ($string as $key => $value) {
            $string[$key] = add_slashes($value);
        }
    } else {
        $string = addslashes($string);
    }
    return $string;
}
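To make the addslashes() caveat concrete, here is an added example (not code from the original article) that runs the same escape-and-concatenate pattern against SQLite, where a backslash is not an escape character at all. It assumes the pdo_sqlite extension is available and uses a constructed two-row users table; the payload and all data are made up for the demonstration.

```php
<?php
// Added example, not code from the original article. It shows why addslashes()
// is not a general SQL defence: the escaping it emits is MySQL's convention,
// and a different engine may not honour it at all. Runs offline against an
// in-memory SQLite database (requires the pdo_sqlite extension) seeded with
// constructed rows.

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
    $db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");   // constructed data
    return $db;
}

// The article's approach: escape with addslashes() and splice into the query text.
function find_by_name_addslashes(PDO $db, string $name): array {
    $escaped = addslashes($name);
    $sql = "SELECT name FROM users WHERE name = '$escaped'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// The replacement: bind the value, so it is never parsed as SQL in any dialect.
function find_by_name_prepared(PDO $db, string $name): array {
    $stmt = $db->prepare('SELECT name FROM users WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = make_db();
$payload = "' OR 1=1 --";   // constructed attacker input, e.g. $_GET['name']

// addslashes() turns the leading quote into \' . MySQL would read \' as an
// escaped quote, but SQLite (like standard SQL) treats the backslash as an
// ordinary character, so the literal is '\' and "OR 1=1 --" becomes live SQL.
$rows = find_by_name_addslashes($db, $payload);
printf("addslashes + concat : %d row(s) %s\n", count($rows), json_encode($rows));

// The bound parameter is compared as data and matches nothing, whatever the payload.
$rows = find_by_name_prepared($db, $payload);
printf("prepared statement  : %d row(s) %s\n", count($rows), json_encode($rows));
```

Run it with php from the command line: the addslashes() version returns both rows, because the statement SQLite receives is `SELECT name FROM users WHERE name = '\' OR 1=1 --'`, whereas the prepared statement returns none. Against MySQL this particular payload would be stopped by addslashes(), but the dialect dependence is the point: backslash escaping is MySQL's convention, addslashes() applies it without knowing the connection's character set (the well-known GBK multi-byte bypass lives in that gap), and a bound parameter needs neither.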



One can go a step further and re-encode the data on the way in and decode it on the way out, as follows:


The code is as follows:

// Encode. The site's copy of this function had been through an HTML renderer,
// which turned every entity back into the character it stands for (so
// str_replace("&","&amp;",$str) appeared as str_replace("&","&",$str) and the
// keyword lines looked like no-ops). The entity strings are restored below; the
// numeric entities that break up the SQL keywords are reconstructed on one
// plausible pattern (one letter of each keyword as &#NNN;), since the exact
// originals are not recoverable from the page. htmldecode() below reverses them.
function htmlencode($str) {
    if ($str === null || $str === "") return "";    // was empty(), which also turned "0" into null
    $str = trim($str);
    $str = str_replace("&", "&amp;", $str);         // must come first, or the entities below get double-encoded
    $str = str_replace(">", "&gt;", $str);
    $str = str_replace("<", "&lt;", $str);
    $str = str_replace(chr(32), "&nbsp;", $str);    // space
    $str = str_replace(chr(9), "&nbsp;", $str);     // tab
    $str = str_replace(chr(34), "&quot;", $str);    // double quote
    $str = str_replace(chr(39), "&#39;", $str);     // single quote
    $str = str_replace(chr(13), "<br>", $str);      // carriage return
    $str = str_replace("'", "''", $str);            // dead line: every ' was already turned into &#39; above
    // Case-sensitive keyword mangling: "SELECT" or "Select" passes through untouched.
    $str = str_replace("select", "sel&#101;ct", $str);
    $str = str_replace("join",   "jo&#105;n",   $str);
    $str = str_replace("union",  "un&#105;on",  $str);
    $str = str_replace("where",  "wh&#101;re",  $str);
    $str = str_replace("insert", "ins&#101;rt", $str);
    $str = str_replace("delete", "del&#101;te", $str);
    $str = str_replace("update", "up&#100;ate", $str);
    $str = str_replace("like",   "lik&#101;",   $str);
    $str = str_replace("drop",   "dro&#112;",   $str);
    $str = str_replace("create", "cr&#101;ate", $str);
    $str = str_replace("modify", "mod&#105;fy", $str);
    $str = str_replace("rename", "ren&#097;me", $str);
    $str = str_replace("alter",  "alt&#101;r",  $str);
    $str = str_replace("cast",   "ca&#115;t",   $str);
    return $str;
}



Data from outside can then be written to the database with more confidence, but when it is read back and displayed on the front end it has to be decoded again. Note what that decode step does, though: it puts the original, unescaped characters back, so whatever is echoed into the page after htmldecode() is the raw user input again, and the HTML encoding bought nothing at display time.


The code is as follows:

// Decode. Reverses htmlencode(): the keyword entities have to be undone before
// "&amp;" is turned back into "&", and "&amp;" itself must be the last entity
// restored (the site's copy restored it first, which would turn a literal
// "&lt;" typed by the user into "<"). The entity strings are restored the same
// way as in htmlencode(); a stray "(www.111cn.net)" watermark in the site's copy
// of the "modify" line has been dropped.
function htmldecode($str) {
    if ($str === null || $str === "") return "";    // was empty(), see htmlencode()
    $str = str_replace("sel&#101;ct", "select", $str);
    $str = str_replace("jo&#105;n",   "join",   $str);
    $str = str_replace("un&#105;on",  "union",  $str);
    $str = str_replace("wh&#101;re",  "where",  $str);
    $str = str_replace("ins&#101;rt", "insert", $str);
    $str = str_replace("del&#101;te", "delete", $str);
    $str = str_replace("up&#100;ate", "update", $str);
    $str = str_replace("lik&#101;",   "like",   $str);
    $str = str_replace("dro&#112;",   "drop",   $str);
    $str = str_replace("cr&#101;ate", "create", $str);
    $str = str_replace("mod&#105;fy", "modify", $str);
    $str = str_replace("ren&#097;me", "rename", $str);
    $str = str_replace("alt&#101;r",  "alter",  $str);
    $str = str_replace("ca&#115;t",   "cast",   $str);
    $str = str_replace("&gt;", ">", $str);
    $str = str_replace("&lt;", "<", $str);
    $str = str_replace("&nbsp;", chr(32), $str);    // tabs come back as spaces: the encoder mapped both to &nbsp;
    $str = str_replace("&quot;", chr(34), $str);
    $str = str_replace("&#39;", chr(39), $str);
    $str = str_replace("<br>", chr(13), $str);
    $str = str_replace("''", "'", $str);            // also collapses a doubled quote the user really typed
    $str = str_replace("&amp;", "&", $str);         // last, so an encoded "&lt;" is not decoded twice
    return $str;
}



Although this adds an encode/decode round trip, it is meant as one step further on the security side; whether to do it is your own trade-off. Keep in mind that the keyword mangling is case-sensitive and bypassable, and that it silently rewrites ordinary words such as "like" or "update" in user text.
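The following added example (not from the original article) puts numbers on the two caveats above. Part 1 runs the article's keyword list through a case-sensitive str_replace(), deleting rather than entity-mangling the keyword so the effect is visible, over constructed probe strings; part 2 shows the alternative to the encode-then-decode round trip, which is to store the raw value and escape it for the HTML context at render time with htmlspecialchars(). All strings are constructed test data.

```php
<?php
// Added example, not code from the original article. Part 1: the article's
// keyword list applied with str_replace() is lossy and bypassable. Part 2:
// escape at the output boundary, for the context the value is rendered in.

// Same list as the article's htmlencode(); str_replace() is case-sensitive.
const SQL_KEYWORDS = ['select', 'join', 'union', 'where', 'insert', 'delete',
    'update', 'like', 'drop', 'create', 'modify', 'rename', 'alter', 'cast'];

function blacklist_keywords(string $s): string {
    // Each keyword is replaced once, in list order; the result is not rescanned.
    return str_replace(SQL_KEYWORDS, '', $s);
}

// Escape the raw stored value for an HTML text node or attribute. ENT_QUOTES
// covers ' as well as ", ENT_SUBSTITUTE replaces invalid UTF-8 instead of
// returning an empty string.
function render_comment(string $raw): string {
    return '<p class="comment">'
        . htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</p>';
}

// Constructed probes: ordinary text, upper case, and a nested keyword.
$probes = [
    'I like the update'   => 'legitimate words are deleted',
    'SELECT * FROM users' => 'upper case is not in the list',
    'selselectect'        => 'deleting the inner match leaves the keyword',
];
foreach ($probes as $in => $why) {
    printf("%-22s -> %-22s  %s\n", $in, blacklist_keywords($in), $why);
}

// Constructed XSS payloads, stored raw and escaped on output.
echo render_comment('<img src=x onerror=alert(1)>'), "\n";
echo render_comment('" onmouseover="alert(1)'), "\n";
```

The probes come back as `I  the ` (two words deleted), `SELECT * FROM users` (untouched) and `select` (the inner match is deleted and the remainder spells the keyword again); both payloads render as inert text with `<`, `>` and `"` encoded. The article's htmldecode() would hand the original payload back to the page instead, so if the encode/decode scheme is used, the value still has to go through htmlspecialchars() after decoding.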


A few more:


The code is as follows:

// Strip characters that are dangerous in URL parameters and file names. The
// site's copy had the %-escapes URL-decoded (%20 showed as a space, %27 and
// %2527 as apostrophes) and the entities rendered; they are restored here.
function safe_replace($string) {
    $string = str_replace('%20', '', $string);
    $string = str_replace('%27', '', $string);
    $string = str_replace('%2527', '', $string);   // double-encoded apostrophe
    $string = str_replace('*', '', $string);
    $string = str_replace('"', '&quot;', $string);
    $string = str_replace("'", '', $string);
    $string = str_replace('"', '', $string);       // dead line: every " was already turned into &quot; above
    $string = str_replace(';', '', $string);
    $string = str_replace('<', '&lt;', $string);
    $string = str_replace('>', '&gt;', $string);
    $string = str_replace("{", '', $string);
    $string = str_replace('}', '', $string);
    return $string;
}



A more comprehensive one:


The code is as follows:

// Process submitted data. The page also calls this function htmldecode(), which
// would collide with the decode function above if both were loaded in one file;
// despite the name it is an input sanitiser, not a decoder.
function htmldecode($str) {
    if ($str === null || "" === $str) {
        return "";
    }

    $str = strip_tags($str);          // remove tags
    $str = htmlspecialchars($str);    // encode & < > " (and ' from PHP 8.1, where ENT_QUOTES became the default)
    $str = nl2br($str);               // newlines to <br />
    $str = str_replace("?", "", $str);
    $str = str_replace("*", "", $str);
    $str = str_replace("!", "", $str);
    $str = str_replace("~", "", $str);
    $str = str_replace("$", "", $str);
    $str = str_replace("%", "", $str);
    $str = str_replace("^", "", $str);  // listed twice on the page; once is enough
    // Case-sensitive keyword deletion: lossy for ordinary text ("I like it" -> "I  it")
    // and bypassed by "SELECT" or by nesting ("selselectect" -> "select").
    $str = str_replace("select", "", $str);
    $str = str_replace("join", "", $str);
    $str = str_replace("union", "", $str);
    $str = str_replace("where", "", $str);
    $str = str_replace("insert", "", $str);
    $str = str_replace("delete", "", $str);
    $str = str_replace("update", "", $str);
    $str = str_replace("like", "", $str);
    $str = str_replace("drop", "", $str);
    $str = str_replace("create", "", $str);
    $str = str_replace("modify", "", $str);
    $str = str_replace("rename", "", $str);
    $str = str_replace("alter", "", $str);
    $str = str_replace("cast", "", $str);

    // Regex pass. The site's renderer ate most of the second and third patterns
    // and the backreferences (only "]*?)>/isU" and "on[a-zA-Z]+/s*=" survived);
    // they are reconstructed here from the fragments and the page's own comments.
    // Note that strip_tags() and htmlspecialchars() above have already removed or
    // encoded every "<" except the ones nl2br() inserts, which neither pattern
    // matches, so patterns 2 and 3 are dead code at this point.
    $farr = array(
        "/\s+/",                                   // collapse runs of whitespace
        "/<(\/?)(script)([^>]*?)>/isU",            // <script> and </script> (reconstructed)
        "/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU",    // javascript on* event attributes
    );
    $tarr = array(
        " ",
        '&lt;\1\2\3&gt;',                          // leave empty to remove unsafe tags outright
        '\1\2',
    );
    $str = preg_replace($farr, $tarr, $str);       // the call itself was missing from the site's copy
    return $str;
}

Source: http://www.111cn.net/phper/phpanqn/55876.htm