PHP filter sensitive character class example code-PHP Tutorial-php.cn

The so-called sensitive characters refer to articles that contain unhealthy or reactionary information, information that affects society, and will be regarded as sensitive characters. Because sometimes the sensitive characters entered by the user will invisibly affect the correct execution of the program, the famous database injection attack is to add database control instructions to the query conditions, thereby achieving the attacker's purpose.
This article mainly introduces the PHP form sensitive character filtering class and its usage examples. It analyzes in detail the filtering function for sensitive characters in form generation and submission. It is a very practical skill and is needed. Friends can refer to it. The specific analysis is as follows:
/** 
* 表单生成验证文件 
*/ 
$_form = new formHtmlFind(); 
class formHtmlFind{ 
        /** 
         * 输出表单函数 
         * $formKey  表单键 
         * $infoArray 更新时的原始信息数组 
         */ 
 
        public function formHtml($array,$infoArray=&#39;&#39;) 
        { 
                // 检测数组是否存在 
                if(emptyempty($array))return false; 
                $newform = null; 
                // 信息数组(更新信息) 
                $this->infoArray = !emptyempty($infoArray)?$infoArray:array(); 
                $this->array[&#39;class&#39;] =  get_class_methods(get_class()); 
                foreach ($array as $key =>$arr) 
                { 
                        // 键值转换为纯英文 
                        $key = preg_replace("/[^a-z]/i",&#39;&#39;,$key); 
                        // 生成表单 
                        $newform .= $this->outputForm($arr,$key); 
                } 
                // 输出表单 
                return $newform.$this->jsError(); 
        } 
        /** 
         * 生成表单函数 
         */ 
        private function outputForm($arr,$key) 
        { 
                $value = null; 
                if(emptyempty($arr))return false; 
                // input Type 
                $type   = $key; 
                // input NAME 
                $name   = trim($arr[0]); 
                // input 初始值 不包含多选,单选类 
                $value  = (!emptyempty($this->infoArray[$name]))? trim($this->infoArray[$name]):trim($arr[1]); 
                $value  = emptyempty($this->post[$name])? $value :trim($this->post[$name]); 
                // input Title 
                $title  = trim($arr[2]); 
                // 样式 
                $style  = trim($arr[3]); 
                if($key!=="hidden") 
                { 
                        $dt = "<dt>{$title}</dt><dd>"; 
                        // js错误提示 
                        $dd = "<tt id="J{$name}"></tt></dd>rn"; 
                } 
                return (!preg_match("/checkbox|select|radio/i",$key))? 
                $dt.$this->newInput($type,$name,$value,$style,$title).$dd: 
                $this->formSelect($type,$name,$arr[1],$title,$style); // 多选类 
        } 
        /** 
         * 提交数据检测 
         */ 
        public function postForm($array) 
        { 
                // 检测数组是否存在 
                if(emptyempty($array)||emptyempty($_POST))return false; 
                $this->post           =  $_POST; 
                $this->array[&#39;class&#39;] =  get_class_methods(get_class()); 
                foreach ($array as $key =>$arr) 
                { 
                        // 键值转换为纯英文 
                        $key = preg_replace("/[^a-z]/i",&#39;&#39;,$key); 
                        // 检测 注销file类表单 
                        if (!emptyempty($arr)&&&#39;file&#39; != $key)$newData[trim($arr[0])] = $this->postFind($arr,$key); 
                } 
                // 输出表单 
                if(!emptyempty($this->error)) 
                { 
                        return false; 
                } 
                else return $newData; 
        } 
        /** 
         * 生成表单 
         */ 
        private function newInput($type,$name,$value,$style,$title) 
        { 
                switch ($type) 
                { 
                        case &#39;text&#39;: 
                                // 单行文本 
                                return  "<input type="text" name="{$name}" value="{$value}" {$style}/>"; 
                                break; 
                        case &#39;password&#39;: 
                                //密码输入 
                                return "<input type="password" name="{$name}" {$style}/>"; 
                                break; 
                        case &#39;&#39;: 
                                //多行文本 
                                return "<textarea name="{$name}" {$style}/>{$value}</textarea>"; 
                                break; 
                        case &#39;hidden&#39;: 
                                // 隐藏 
                                return "<input type="hidden" name="{$name}" value="{$value}" {$style}/>"; 
                                break; 
                        case &#39;file&#39;: 
                                // 文件上传 
                                return "<input type= "file"name="{$name}" {$style}/>"; 
                                break; 
                        case &#39;submit&#39;: 
                                // 提交 
                                return "<input type="submit" name="{$name}" value="$value" $style}/>"; 
                                break; 
                        default: 
                                return "{$type}类型错误!!!"; 
                                break; 
                } 
        } 
        /** 
         * 提交信息检测 
         * 错误返回error 
         */ 
        private function postFind($arr,$key) 
        { 
                if(emptyempty($arr))return false; 
                $name = $title =$error =$find =$standard =null; 
                // input NAME 
                $name     = trim($arr[0]); 
                // input Title 
                $title    = trim($arr[2]); 
                // 错误提示 
                $error    = trim($arr[4]); 
                // 检测类型 Y N 
                $find     = trim($arr[5]); 
                // 检测标准 
                $standard = trim($arr[6]); 
                // 
                if(!emptyempty($standard))$this->error .=$this->ck_split($standard,$name,$title,$find,$error); 
                // 转换为字符串 
                if(is_array($this->post[$name]))$this->post[$name] = implode(",",$this->post[$name]); 
                // 转义或其他转化 
                $KKarray = array(); 
                if(preg_match("/Y|N/is",$find)) 
                { 
                        $KKarray       = split("_", $find); 
                        // 转义或过滤 
                        $escape_filter = (!emptyempty($KKarray[1]))?&#39;ck_&#39;.$KKarray[1]:&#39;&#39;; 
                        // 输出通过检测的合法数据 
                        $data          = ($escape_filter)?$this->$escape_filter($this->post[$name]):$this->post[$name]; 
 
                } 
                else  $data        = ""; 
                // 输出新的数据 
                return $data; 
        } 
        /** 
         * 多选类表单生成 
         */ 
        private function formSelect($type,$name,$value,$title,$style) 
        { 
                $outform = null; 
                // 触发更新和提交动作时的初始 
                $nowvalue = (!emptyempty($this->post[$name]))?$this->post[$name]:$this->infoarray[$name]; 
                // 兼容多选的识别,转为数组 
                if(!emptyempty($nowvalue))$valueArray = explode(",",$nowvalue); 
                // 选项标题 
                if(is_array($title)) 
                { 
                        array_unshift($title,&#39;选择&#39;); 
                        $titarray = array_values($title); 
                }else $titarray = explode("|",$title); 
                // 选项值 
                if(is_array($value)) 
                { 
                        array_unshift($value,&#39;选择&#39;); 
                        $valarray  = array_keys($value); 
                        if(emptyempty($title))$titarray = array_values($value); 
                } 
                else $valarray = explode("|",$value); 
                // 取消表单的初始默认值 
                if(!emptyempty($this->post)&&!emptyempty($this->infoArray))$value = preg_replace("/Y_/i",&#39;&#39;,$value); 
 
                foreach ($valarray as $key =>$varl) 
                { 
                        // 非默认的识别 
                        if(!emptyempty($valueArray))$select   = (in_array($varl,$valueArray))?&#39;Y&#39;:&#39;&#39;; 
                        //  判断是否为默认 
                        else $select   = (eregi("Y_",$varl))? &#39;Y&#39;:&#39;&#39;; 
 
                        if($key >&#39;0&#39;) 
                        { 
                                $_title=($titarray[$key])? $titarray[$key]:$title; 
                                switch ($type) 
                                { 
                                        case &#39;select&#39;: 
                                                if(&#39;Y&#39; == $select)$select = &#39;selected&#39;; 
                                                $outform .=        sprintf("<option %s value="%s"/>%s</option>rn" 
                                                ,$select,preg_replace("/Y_/i",&#39;&#39;,$varl),$_title); 
                                                break; 
                                        case &#39;radio&#39;: 
                                                if(&#39;Y&#39; == $select)$select = &#39;checked&#39;; 
                                                $outform .= sprintf("<label>%s<input %s type="radio" name="%s" value="%s" %s/></label>rn", 
                                                $_title,$select,$name,$varl,$style); 
                                                break; 
                                        case &#39;checkbox&#39;: 
                                                if(&#39;Y&#39; == $select)$select = &#39;checked&#39;; 
                                                $outform .= sprintf("<label>%s<input %s type="checkbox" name="%s[]" value="%s" %s/></label>rn",$_title,$select,$name,$varl,$style); 
                                                break; 
                                } 
                                $select =null; 
                        } 
                } 
                // 下拉选择 
                if($type ==&#39;select&#39;)$outform = sprintf(&#39;<select name="%s" %s>%s</select>&#39;,$name,$style,$outform); 
                return sprintf("<dt>%s</dt><dd>%s<tt id="J%s"></tt></dd>rn",$titarray[0],$outform,$name); 
        } 
        /** 
         * 表单验证 及全部 ck_类函数 
         */ 
        private function ck_split($standard,$name,$title,$find,$error) 
        { 
                //  非必填缺省跳过 
                if(eregi(&#39;N&#39;,$find) && emptyempty($this->post[$name]))return false; 
                // 必填缺省检测 
                if(eregi(&#39;Y&#39;,$find) && emptyempty($this->post[$name]))return "["J{$name}","$error"],"; 
                $t_error = null; 
                // 多项检测 
                $arr = explode(&#39;,&#39;,$standard); 
                // POST数据检测 
                if(!emptyempty($arr))foreach ($arr as $var) 
                { 
                        if(trim($var)!=&#39;&#39;) 
                        { 
                                switch ($this->post) 
                                { 
                                        case is_array($this->post[$name]): 
                                                // 数组类的检测 
                                                foreach ($this->post[$name] as $_var) 
                                                { 
                                                        $t_error.= ($this->ck_open($_var,trim($var)))?"":$error; 
                                                        if($t_error)break; 
                                                } 
                                                break; 
                                        default: 
                                                $t_error.= ($this->ck_open($this->post[$name],trim($var)))?"":$error; 
                                                break; 
                                } 
                                if($t_error)break; 
                        } 
                } 
                return ($t_error)? "["J{$name}","$t_error"],":""; 
        } 
        // 函数调用 
        private function ck_open($string,$str) 
        { 
                $functi = $this->ck_detected($str); 
                return ($this->$functi($string,$str))? true:false; 
        } 
        // 类型判断 
        private function ck_detected($str) 
        { 
                $detect = (eregi("^[a-zA-Z]*$",$str))? "{$str}Detect":&#39;lengthDetect&#39;; 
                if(!in_array($detect,$this->array[&#39;class&#39;])) 
                { 
                        location(&#39;index.php&#39;,$ck,&#39; Lack of function !!!&#39;); 
                } 
                return $detect; 
        } 
        //-------------------------------------以下为检测函数可外部调用 
        // 长度 
        public function lengthDetect($string,$str){ 
                $len = split(&#39;-&#39;,trim($str)); 
                return (strlen($string) > ($len[0]-1) && strlen($string) < ($len[1]+1))? true:false; 
        } 
        // 价格 
        public function moneyDetect($str){ 
                return preg_match("/^(-|+)?d+(.d+)?$/",$str); 
        } 
        // 邮件 
        public function emailDetect($str){ 
                return preg_match("/^w+([-+.]w+)*@w+([-.]w+)*.w+([-.]w+)*$/", $str); 
        } 
        // 网址 
        public function urlDetect($str){ 
                return preg_match("/^http://[A-Za-z0-9]+.[A-Za-z0-9]+[/=?%-&_~`@[]&#39;:+!]*([^<>"])*$/", $str); 
        } 
        // 数字型 
        public function numDetect($str){ 
                return is_numeric($str); 
        } 
        // 中文 
        public function cnDetect($str){ 
                return preg_match("/^[x7f-xff]+$/", $str); 
        } 
        // 字母 
        public function enDetect($str){ 
                return preg_match("/^[A-Za-z]+$/", $str); 
        } 
        // 数字字母混合 
        public function numenDetect($str){ 
                return preg_match("/^([a-zA-Z0-9_-])+$/",$str); 
        } 
        // 电话号码 
        public function telDetect($str){ 
                return ereg("^[+]?[0-9]+([xX-][0-9]+)*$", $str); 
        } 
        // 敏感词 
        public function keyDetect($str){ 
                return (!preg_match("/$badkey/i",$str)); 
        } 
        //-----------------------------------------------------输出 
        // 字符替换 
        public function ck_filter($str){ 
                $str=(is_array($str))? implode(",",$str):$str; 
                $str=nl2br($str); //将回车替换为<br> 
                $str=htmlspecialchars($str); //将特殊字元转成 HTML 格式。 
                //$str=str_replace(array("　",&#39;<? &#39;),array(" ",&#39;< ?&#39;),$str); //替换空格替换为 
                return $str; 
        } 
        // 转义 
        function ck_escape($str) 
        { 
                if (!get_magic_quotes_gpc())return addslashes($str); 
                return $str; 
        } 
        // MD5加密 
        public function ck_md5($str){ 
                return  MD5($str); 
        } 
        // base64加密 
        public function ck_base64($str){ 
                return  base64_encode($str); 
        } 
        // 时间 
        function ck_time($str){ 
                // time_r() 来在公用函数文件 
                if(!is_numeric($str)) 
                { 
                        return time_r($str); 
                } 
                else return $str; 
        } 
        // 有条件注销(数字) 
        public function ck_cancel($str){ 
                return (!is_numeric($str))? $str:""; 
        } 
        // 无条件注销 
        public function ck_delete(){ 
                return null; 
        } 
        // js错误提示 
        private function jsError() 
        { 
                if(emptyempty($this->error))return false; 
                return  " 
                <script  language=javascript> rn var error = new Array(".trim($this->error,&#39;,&#39;)."); 
                        rn for (i=0; i < error.length; i++){ 
                        rn document.getElementById(error[0]).innerHTML=error[1]; 
                         }rn </script> 
                "; 
        } 
} 
 
// 演示: 
$form[1] =array( 
&#39;text&#39;=>array(&#39;title&#39;,&#39;&#39;,&#39;产品名称&#39;,&#39;size=40&#39;,&#39;产品名称不可缺少!&#39;,&#39;Y&#39;,&#39;cn,1-30&#39;), 
&#39;text1&#39;=>array(&#39;categories&#39;,&#39;&#39;,&#39;产品名称&#39;,&#39;&#39;,&#39;&#39;,&#39;Y_base64&#39;), 
&#39;select&#39;=>array(&#39;superiors&#39;,&#39;||1|2|Y_3&#39;,&#39;产品类别|选择|1|2|3&#39;,&#39;&#39;,&#39;必选项&#39;,&#39;Y&#39;), 
&#39;radio&#39;=>array(&#39;superiors1&#39;,&#39;|1|Y_2|3&#39;,&#39;产品xun|产品1|产品2|产品3&#39;,&#39;&#39;,&#39;必选项&#39;,&#39;Y&#39;), 
&#39;checkbox&#39;=>array(&#39;superiors2&#39;,array(1=>&#39;11&#39;,2=>&#39;22&#39;,3=>&#39;33&#39;),&#39;&#39;,&#39;&#39;,&#39;必选项&#39;,&#39;Y&#39;), 
&#39;file&#39;=>array(&#39;ddd&#39;,&#39;&#39;,&#39;文件&#39;), 
); 
$form =array ( 
  &#39;login&#39; =>  
  array ( 
    &#39;text&#39; =>  
    array ( 
      0 => &#39;user&#39;, 
      1 => &#39;&#39;, 
      2 => &#39;用户名&#39;, 
      3 => &#39;size=20&#39;, 
      4 => &#39;!&#39;, 
      5 => &#39;Y&#39;, 
      6 => &#39;numen,6-12&#39;, 
    ), 
    &#39;password&#39; =>  
    array ( 
      0 => &#39;pass&#39;, 
      1 => &#39;&#39;, 
      2 => &#39;密 码&#39;, 
      3 => &#39;size=22&#39;, 
      4 => &#39;密码格式错误!&#39;, 
      5 => &#39;Y_md5&#39;, 
      6 => &#39;numen,6-12&#39;, 
    ), 
    &#39;radio&#39; =>  
    array ( 
      0 => &#39;time&#39;, 
      1 => &#39;|7200|3600|1800&#39;, 
      2 => &#39;cookies有效时间|2小时|1小时|30分钟&#39;, 
      3 => &#39;&#39;, 
      4 => &#39;&#39;, 
      5 => &#39;N_delete&#39;, 
      6 => &#39;&#39;, 
    ), 
  ), 
  ); 
 
// 表单提交效验 
$past = $_form->postForm($form[&#39;login&#39;]); 
$dd = array(&#39;title&#39;=>&#39;标题&#39;,&#39;categories&#39;=>&#39;类别&#39;); 
// $dd 为已有的信息(如更新时的信息输出) POST数据位内部处理具有优先权
if(!emptyempty($past)) 
{ 
        echo "<pre class="brush:php;toolbar:false">"; 
        print_r($past); 
        echo"
"; } echo '';
Copy after login
The above is the detailed content of PHP filter sensitive character class example code. For more information, please follow other related articles on the PHP Chinese website!