Home >Backend Development >PHP Tutorial >php 保险过滤函数代码

php 保险过滤函数代码

WBOY
WBOYOriginal
2016-06-13 12:28:371044browse

php 安全过滤函数代码

php 安全过滤函数代码,防止用户恶意输入内容。

<span style="color: #008000;">//</span><span style="color: #008000;">安全过滤输入[jb]</span>function check_str($<span style="color: #0000ff;">string</span>, $isurl = <span style="color: #0000ff;">false</span><span style="color: #000000;">){$</span><span style="color: #0000ff;">string</span> = preg_replace(<span style="color: #800000;">'</span><span style="color: #800000;">/[\\x00-\\x08\\x0B\\x0C\\x0E-\\x1F]/</span><span style="color: #800000;">'</span>,<span style="color: #800000;">''</span>,$<span style="color: #0000ff;">string</span><span style="color: #000000;">);$</span><span style="color: #0000ff;">string</span> = str_replace(array(<span style="color: #800000;">"</span><span style="color: #800000;">\0</span><span style="color: #800000;">"</span>,<span style="color: #800000;">"</span><span style="color: #800000;">%00</span><span style="color: #800000;">"</span>,<span style="color: #800000;">"</span><span style="color: #800000;">\r</span><span style="color: #800000;">"</span>),<span style="color: #800000;">''</span>,$<span style="color: #0000ff;">string</span><span style="color: #000000;">);empty($isurl) </span>&& $<span style="color: #0000ff;">string</span> = preg_replace(<span style="color: #800000;">"</span><span style="color: #800000;">/&(?!(#[0-9]+|[a-z]+);)/si</span><span style="color: #800000;">"</span>,<span style="color: #800000;">'</span><span style="color: #800000;">&</span><span style="color: #800000;">'</span>,$<span style="color: #0000ff;">string</span><span style="color: #000000;">);$</span><span style="color: #0000ff;">string</span> = str_replace(array(<span style="color: #800000;">"</span><span style="color: #800000;">%3C</span><span style="color: #800000;">"</span>,<span style="color: #800000;">'</span><span style="color: #800000;"><span style="color: #800000;">'</span>),<span style="color: #800000;">'</span><span style="color: #800000;"><span style="color: #800000;">'</span>,$<span style="color: #0000ff;">string</span><span style="color: #000000;">);$</span><span style="color: #0000ff;">string</span> = str_replace(array(<span style="color: #800000;">"</span><span style="color: #800000;">%3E</span><span style="color: #800000;">"</span>,<span style="color: #800000;">'</span><span style="color: #800000;">></span><span style="color: #800000;">'</span>),<span style="color: #800000;">'</span><span style="color: #800000;">></span><span style="color: #800000;">'</span>,$<span style="color: #0000ff;">string</span><span style="color: #000000;">);$</span><span style="color: #0000ff;">string</span> = str_replace(array(<span style="color: #800000;">'</span><span style="color: #800000;">"</span><span style="color: #800000;">'</span>,<span style="color: #800000;">"</span><span style="color: #800000;">'</span><span style="color: #800000;">"</span>,<span style="color: #800000;">"</span><span style="color: #800000;">\t</span><span style="color: #800000;">"</span>,<span style="color: #800000;">'</span> <span style="color: #800000;">'</span>),array(<span style="color: #800000;">'</span><span style="color: #800000;">“</span><span style="color: #800000;">'</span>,<span style="color: #800000;">'</span><span style="color: #800000;">‘</span><span style="color: #800000;">'</span>,<span style="color: #800000;">'</span> <span style="color: #800000;">'</span>,<span style="color: #800000;">'</span> <span style="color: #800000;">'</span>),$<span style="color: #0000ff;">string</span><span style="color: #000000;">);</span><span style="color: #0000ff;">return</span> trim($<span style="color: #0000ff;">string</span><span style="color: #000000;">);}</span></span></span>

下面是整理的一些过滤函数:

<span style="color: #008000;">/*</span><span style="color: #008000;">** 安全过滤类-过滤javascript,css,iframes,object等不安全参数 过滤级别高*  Controller中使用方法:$this->controller->fliter_script($value)* @param  string $value 需要过滤的值* @return string</span><span style="color: #008000;">*/</span><span style="color: #000000;">function fliter_script($value) {$value </span>= preg_replace(<span style="color: #800000;">"</span><span style="color: #800000;">/(javascript:)?on(click|load|key|mouse|error|abort|move|unload|change|dblclick|move|reset|resize|submit)/i</span><span style="color: #800000;">"</span>,<span style="color: #800000;">"</span><span style="color: #800000;">&111n\\2</span><span style="color: #800000;">"</span><span style="color: #000000;">,$value);$value </span>= preg_replace(<span style="color: #800000;">"</span><span style="color: #800000;">/(.*?)/si</span><span style="color: #800000;">"</span>,<span style="color: #800000;">""</span><span style="color: #000000;">,$value);$value </span>= preg_replace(<span style="color: #800000;">"</span><span style="color: #800000;">/(.*?)/si</span><span style="color: #800000;">"</span>,<span style="color: #800000;">""</span><span style="color: #000000;">,$value);$value </span>= preg_replace (<span style="color: #800000;">"</span><span style="color: #800000;">//iesU</span><span style="color: #800000;">"</span>, <span style="color: #800000;">''</span><span style="color: #000000;">, $value);</span><span style="color: #0000ff;">return</span><span style="color: #000000;"> $value;}</span><span style="color: #008000;">/*</span><span style="color: #008000;">** 安全过滤类-过滤HTML标签*  Controller中使用方法:$this->controller->fliter_html($value)* @param  string $value 需要过滤的值* @return string</span><span style="color: #008000;">*/</span><span style="color: #000000;">function fliter_html($value) {</span><span style="color: #0000ff;">if</span> (function_exists(<span style="color: #800000;">'</span><span style="color: #800000;">htmlspecialchars</span><span style="color: #800000;">'</span>)) <span style="color: #0000ff;">return</span><span style="color: #000000;"> htmlspecialchars($value);</span><span style="color: #0000ff;">return</span> str_replace(array(<span style="color: #800000;">"</span><span style="color: #800000;">&</span><span style="color: #800000;">"</span>, <span style="color: #800000;">'</span><span style="color: #800000;">"</span><span style="color: #800000;">'</span>, <span style="color: #800000;">"</span><span style="color: #800000;">'</span><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;"><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;">></span><span style="color: #800000;">"</span>), array(<span style="color: #800000;">"</span><span style="color: #800000;">&</span><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;">\"</span><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;">'</span><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;"><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;">></span><span style="color: #800000;">"</span><span style="color: #000000;">), $value);}</span><span style="color: #008000;">/*</span><span style="color: #008000;">** 安全过滤类-对进入的数据加下划线 防止SQL注入*  Controller中使用方法:$this->controller->fliter_sql($value)* @param  string $value 需要过滤的值* @return string</span><span style="color: #008000;">*/</span><span style="color: #000000;">function fliter_sql($value) {$sql </span>= array(<span style="color: #800000;">"</span><span style="color: #800000;">select</span><span style="color: #800000;">"</span>, <span style="color: #800000;">'</span><span style="color: #800000;">insert</span><span style="color: #800000;">'</span>, <span style="color: #800000;">"</span><span style="color: #800000;">update</span><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;">delete</span><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;">\'</span><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;">\/\*</span><span style="color: #800000;">"</span><span style="color: #000000;">,     </span><span style="color: #800000;">"</span><span style="color: #800000;">\.\.\/</span><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;">\.\/</span><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;">union</span><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;">into</span><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;">load_file</span><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;">outfile</span><span style="color: #800000;">"</span><span style="color: #000000;">);$sql_re </span>= array(<span style="color: #800000;">""</span>,<span style="color: #800000;">""</span>,<span style="color: #800000;">""</span>,<span style="color: #800000;">""</span>,<span style="color: #800000;">""</span>,<span style="color: #800000;">""</span>,<span style="color: #800000;">""</span>,<span style="color: #800000;">""</span>,<span style="color: #800000;">""</span>,<span style="color: #800000;">""</span>,<span style="color: #800000;">""</span>,<span style="color: #800000;">""</span><span style="color: #000000;">);</span><span style="color: #0000ff;">return</span><span style="color: #000000;"> str_replace($sql, $sql_re, $value);}</span><span style="color: #008000;">/*</span><span style="color: #008000;">** 安全过滤类-通用数据过滤*  Controller中使用方法:$this->controller->fliter_escape($value)* @param string $value 需要过滤的变量* @return string|array</span><span style="color: #008000;">*/</span><span style="color: #000000;">function fliter_escape($value) {</span><span style="color: #0000ff;">if</span><span style="color: #000000;"> (is_array($value)) {  </span><span style="color: #0000ff;">foreach</span> ($value <span style="color: #0000ff;">as</span> $k =><span style="color: #000000;"> $v) {   $value[$k] </span>=<span style="color: #000000;"> self::fliter_str($v);  }} </span><span style="color: #0000ff;">else</span><span style="color: #000000;"> {  $value </span>=<span style="color: #000000;"> self::fliter_str($value);}</span><span style="color: #0000ff;">return</span><span style="color: #000000;"> $value;}</span><span style="color: #008000;">/*</span><span style="color: #008000;">** 安全过滤类-字符串过滤 过滤特殊有危害字符*  Controller中使用方法:$this->controller->fliter_str($value)* @param  string $value 需要过滤的值* @return string</span><span style="color: #008000;">*/</span><span style="color: #000000;">function fliter_str($value) {$badstr </span>= array(<span style="color: #800000;">"</span><span style="color: #800000;">\0</span><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;">%00</span><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;">\r</span><span style="color: #800000;">"</span>, <span style="color: #800000;">'</span><span style="color: #800000;">&</span><span style="color: #800000;">'</span>, <span style="color: #800000;">'</span> <span style="color: #800000;">'</span>, <span style="color: #800000;">'</span><span style="color: #800000;">"</span><span style="color: #800000;">'</span>, <span style="color: #800000;">"</span><span style="color: #800000;">'</span><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;"><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;">></span><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span>   <span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;">%3C</span><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;">%3E</span><span style="color: #800000;">"</span><span style="color: #000000;">);$newstr </span>= array(<span style="color: #800000;">''</span>, <span style="color: #800000;">''</span>, <span style="color: #800000;">''</span>, <span style="color: #800000;">'</span><span style="color: #800000;">&</span><span style="color: #800000;">'</span>, <span style="color: #800000;">'</span> <span style="color: #800000;">'</span>, <span style="color: #800000;">'</span><span style="color: #800000;">"</span><span style="color: #800000;">'</span>, <span style="color: #800000;">'''</span><span style="color: #800000;">, "", "   ", "");</span>$value  =<span style="color: #000000;"> str_replace($badstr, $newstr, $value);$value  </span>= preg_replace(<span style="color: #800000;">'</span><span style="color: #800000;">/&((#(\d{3,5}|x[a-fA-F0-9]{4}));)/</span><span style="color: #800000;">'</span>, <span style="color: #800000;">'</span><span style="color: #800000;">&\\1</span><span style="color: #800000;">'</span><span style="color: #000000;">, $value);</span><span style="color: #0000ff;">return</span><span style="color: #000000;"> $value;}</span><span style="color: #008000;">/*</span><span style="color: #008000;">** 私有路劲安全转化*  Controller中使用方法:$this->controller->filter_dir($fileName)* @param string $fileName* @return string</span><span style="color: #008000;">*/</span><span style="color: #000000;">function filter_dir($fileName) {$tmpname </span>=<span style="color: #000000;"> strtolower($fileName);$temp </span>= array(<span style="color: #800000;">'</span><span style="color: #800000;">:/</span><span style="color: #800000;">'</span>,<span style="color: #800000;">"</span><span style="color: #800000;">\0</span><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;">..</span><span style="color: #800000;">"</span><span style="color: #000000;">);</span><span style="color: #0000ff;">if</span> (str_replace($temp, <span style="color: #800000;">''</span>, $tmpname) !==<span style="color: #000000;"> $tmpname) {  </span><span style="color: #0000ff;">return</span> <span style="color: #0000ff;">false</span><span style="color: #000000;">;}</span><span style="color: #0000ff;">return</span><span style="color: #000000;"> $fileName;}</span><span style="color: #008000;">/*</span><span style="color: #008000;">** 过滤目录*  Controller中使用方法:$this->controller->filter_path($path)* @param string $path* @return array</span><span style="color: #008000;">*/</span><span style="color: #0000ff;">public</span><span style="color: #000000;"> function filter_path($path) {$path </span>= str_replace(array(<span style="color: #800000;">"</span><span style="color: #800000;">'</span><span style="color: #800000;">"</span>,<span style="color: #800000;">'</span><span style="color: #800000;">#</span><span style="color: #800000;">'</span>,<span style="color: #800000;">'</span><span style="color: #800000;">=</span><span style="color: #800000;">'</span>,<span style="color: #800000;">'</span><span style="color: #800000;">`</span><span style="color: #800000;">'</span>,<span style="color: #800000;">'</span><span style="color: #800000;">$</span><span style="color: #800000;">'</span>,<span style="color: #800000;">'</span><span style="color: #800000;">%</span><span style="color: #800000;">'</span>,<span style="color: #800000;">'</span><span style="color: #800000;">&</span><span style="color: #800000;">'</span>,<span style="color: #800000;">'</span><span style="color: #800000;">;</span><span style="color: #800000;">'</span>), <span style="color: #800000;">''</span><span style="color: #000000;">, $path);</span><span style="color: #0000ff;">return</span> rtrim(preg_replace(<span style="color: #800000;">'</span><span style="color: #800000;">/(\/){2,}|(\\\){1,}/</span><span style="color: #800000;">'</span>, <span style="color: #800000;">'</span><span style="color: #800000;">/</span><span style="color: #800000;">'</span>, $path), <span style="color: #800000;">'</span><span style="color: #800000;">/</span><span style="color: #800000;">'</span><span style="color: #000000;">);}</span><span style="color: #008000;">/*</span><span style="color: #008000;">** 过滤PHP标签*  Controller中使用方法:$this->controller->filter_phptag($string)* @param string $string* @return string</span><span style="color: #008000;">*/</span><span style="color: #0000ff;">public</span> function filter_phptag($<span style="color: #0000ff;">string</span><span style="color: #000000;">) {</span><span style="color: #0000ff;">return</span> str_replace(array(<span style="color: #800000;">''</span>), array(<span style="color: #800000;">'</span><span style="color: #800000;"></span><span style="color: #800000;">'</span>, <span style="color: #800000;">'</span><span style="color: #800000;">?></span><span style="color: #800000;">'</span>), $<span style="color: #0000ff;">string</span><span style="color: #000000;">);}</span><span style="color: #008000;">/*</span><span style="color: #008000;">** 安全过滤类-返回函数*  Controller中使用方法:$this->controller->str_out($value)* @param  string $value 需要过滤的值* @return string</span><span style="color: #008000;">*/</span><span style="color: #0000ff;">public</span><span style="color: #000000;"> function str_out($value) {$badstr </span>= array(<span style="color: #800000;">"</span><span style="color: #800000;"><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;">></span><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;">%3C</span><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;">%3E</span><span style="color: #800000;">"</span><span style="color: #000000;">);$newstr </span>= array(<span style="color: #800000;">"</span><span style="color: #800000;"><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;">></span><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;"><span style="color: #800000;">"</span>, <span style="color: #800000;">"</span><span style="color: #800000;">></span><span style="color: #800000;">"</span><span style="color: #000000;">);$value  </span>=<span style="color: #000000;"> str_replace($newstr, $badstr, $value);</span><span style="color: #0000ff;">return</span> stripslashes($value); <span style="color: #008000;">//</span><span style="color: #008000;">下划线</span>}</span></span></span></span></span></span>

 

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn