Illegal data processing of Get or Post submitted values
//***************************************************** ****
//-- Program name: StrSwap V1.01
//-- Program writing: [email]cngift@163.com[/email]
//-- Completion: 2002 -8-1
//-- Program purpose: illegal data processing of Get or Post submitted values
//-- Note: This program needs to be loaded and used before all program processing, so that it can be automatically performed
/ /-- Replacement of variables used in the program
//-- Emergency upgrade due to the discovery of serious BUG
//-- Copyright By cngift ◎ 2002
//********** ************************************************
class StrSwap{
//The connector used to connect variables when submitting variables in Get mode
var $GetSplitStr = "&&";
var $TempArray = array();
var $VariableArray = array();
//******************************** ************************
//-- Program name: Main()
//-- Program purpose: This category Default running mode
//-- Incoming parameters: none
//****************************** ******************************
function Main(){
global $REQUEST_METHOD;
if("GET"==$REQUEST_METHOD){
$this->SubGetStrToArray();
}
if("POST"==$REQUEST_METHOD){
$this->SubPostStrToArray();
}
$this->GlobalVariable();
}
//********************************************** ***********
//-- Program name: SubGetStrToArray()
//-- Program purpose: The method called when the variable is submitted in Get mode
// -- Incoming parameters: None
//************************************** ******************
function SubGetStrToArray(){
global $QUERY_STRING;
$this->TempArray = explode ($this->GetSplitStr,$QUERY_STRING);
for($i=0;$i
$temp = explode('=',$this->TempArray[$i]);
$this->VariableArray[$i][0] = $temp[0];
$this-> VariableArray[$i][1] = $this->StrReplace($temp[1]);
}
}
//***** *************************************************** *
//-- Program name: SubPostStrToArray()
//-- Program purpose: Method called when variables are submitted in POST mode
//-- Incoming parameters: None
//************************************************ ********
function SubPostStrToArray(){
global $_POST;
reset($_POST);
for($i=0;$i< ;count($_POST);$i++){
$this->VariableArray[$i][0] = key($_POST);
$this->VariableArray[$i] [1] = $this->StrReplace($_POST[key($_POST)]);
next($_POST);
}
}
// *************************************************** ******
//-- Program name: StrReplace()
//-- Program purpose: replace illegal characters in variables
//-- Incoming parameters: variable value
//*********************************************** *********
function StrReplace($str){
$str = StripSlashes($str);
$str = str_replace(chr(92), '',$str);
$str = str_replace(chr(47),'',$str);
$str = str_replace(chr(10).chr(13),"
",$str);
$str = str_replace('<',"<",$str);
$str = str_replace('>',">",$str);
$str = str_replace(';',";",$str);
$str = str_replace('"',""",$str);
$str = str_replace("' ","'",$str);
$str = str_replace(" "," ",$str);
$str = str_replace("/**/"," ",$str);
return trim($str);
}
//************************************************ ************
//-- Program name: GlobalVariable()
//-- Program purpose: Declare variables as global variables to facilitate calls from other programs
//- - Incoming parameters: None
//****************************************** *****************
function GlobalVariable(){
for($i=0;$i
global $$this->VariableArray[$i][0];
${$this->VariableArray[$i][0]} = $this->VariableArray[$i][1];
}
}
}
?>