Maison >développement back-end >tutoriel php >php 过滤非法与特殊字符串的方法

php 过滤非法与特殊字符串的方法

PHP中文网
PHP中文网avant
2016-07-25 08:56:323764parcourir

在留言板中,有时需要对用户输入内容进行过滤,将一些非法与特殊字符串进行过滤处理,将其替换为*。下面本篇文章就来给大家分享一下过滤功能的实现代码,希望对大家有所帮助!

php 过滤非法与特殊字符串的方法

需求:用户在评论页面输入非法字符以后,需要将非法字符替换为*

简单实现方法:

1、index.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">  
<html xmlns="http://www.w3.org/1999/xhtml">  
<head>  
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />  
<title>过滤留言板中的非法字符</title>  
<style type="text/css">  
<!--  
body {  
    margin-left: 0px;  
    margin-top: 0px;  
    margin-right: 0px;  
    margin-bottom: 0px;  
}  
-->  
</style></head>  
<body>  
<table width="1002" height="585" border="0" align="center" cellpadding="0" cellspacing="0">  
  <tr>  
    <td width="379" height="226"> </td>  
    <td width="445"> </td>  
    <td width="178"> </td>  
  </tr>  
     <form id="form1" name="form1" method="post" action="index_ok.php">  
  <tr>  
    <td height="260"> </td>  
    <td align="center" valign="top"><table width="430" border="1" cellpadding="1" cellspacing="1" bordercolor="#FFFFFF" bgcolor="#99CC67">  
      <tr>  
        <td width="81" height="30" align="right" bgcolor="#FFFFFF">发布主题:</td>  
        <td width="307" align="left" bgcolor="#FFFFFF"><input name="title" type="text" id="title" size="30" /></td>  
      </tr>  
      <tr>  
        <td align="right" bgcolor="#FFFFFF">发布内容:</td>  
        <td align="left" bgcolor="#FFFFFF"><textarea name="content" cols="43" rows="13" id="content"></textarea></td>  
      </tr>  
    </table></td>  
    <td> </td>  
  </tr>  
  <tr>  
    <td height="99"> </td>  
    <td align="center" valign="top"><table width="315" height="37" border="0" cellpadding="0" cellspacing="0">  
      <tr>  
        <td width="169" align="center"><input type="image" name="imageField" src="images/bg1.JPG" /></td>  
        <td width="146" align="center"><input type="image" name="imageField2" src="images/bg3.JPG" onclick="form.reset();return false;" /></td>  
      </tr>  
    </table></td>  
    <td> </td>  
  </tr>  
      </form>  
</table>  
</body>  
</html>

2、index_ok.php

<?php   
$title=$_POST[title];  
$content=$_POST[content];  
$str="****";  
$titles = preg_replace("/(黑客)|(抓包)|(监听)/",$str,$title);  
$contents = preg_replace("/(黑客)|(抓包)|(监听)/",$str,$content);  
?>  
<html>  
<head>  
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />  
<title>过滤留言板中的非法字符</title>  
<style type="text/css">  
<!--  
body {  
    margin-left: 0px;  
    margin-top: 0px;  
    margin-right: 0px;  
    margin-bottom: 0px;  
}  
.STYLE1 {  
    font-size: 12px;  
    color: #855201;  
}  
-->  
</style></head>  
<body>  
<table width="1002" height="585" border="0" align="center" cellpadding="0" cellspacing="0">  
  <tr>  
    <td width="400" height="226"> </td>  
    <td width="406"> </td>  
    <td width="196"> </td>  
  </tr>  
     <form id="form1" name="form1" method="post" action="index_ok.php">  
  <tr>  
    <td height="260"> </td>  
    <td align="left" valign="top"><p class="STYLE1">发布主题:<?php echo $titles;?></p>  
      <p class="STYLE1">发布内容:<?php echo $contents;?></p></td>  
    <td> </td>  
  </tr>  
  <tr>  
    <td> </td>  
    <td align="center" valign="top"> </td>  
    <td> </td>  
  </tr>  
  </form>  
</table>  
</body>  
</html>

运行结果

1.png

复杂实现方法:可过滤JS 、PHP标签

  //简单过滤JS 、PHP标签
  function cleanJs($html){
  	$html=trim($html);
  	$html=str_replace(array(&#39;<?&#39;,&#39;?>&#39;),array(&#39;<?&#39;,&#39;?>&#39;),$html);
  	$pattern=array(
    "&#39;<script[^>]*?>.*?</script>&#39;si",
    "&#39;<style[^>]*?>.*?</style>&#39;si",
    "&#39;<frame[^>]*?>&#39;si",
    "&#39;<iframe[^>]*?>.*?</iframe>&#39;si",
    "&#39;<link[^>]*?>&#39;si"
    );
    $replace=array("","","","","");
    return	preg_replace($pattern,$replace,$html);
  }
  /* Remove JS/CSS/IFRAME/FRAME 过滤JS/CSS/IFRAME/FRAME/XSS等恶意攻击代码(可安全使用)
   * Return string
   */
  function cleanJsCss($html){
  	$html=trim($html);
  	$html=preg_replace(&#39;/\0+/&#39;, &#39;&#39;, $html);
	$html=preg_replace(&#39;/(\\\\0)+/&#39;, &#39;&#39;, $html);
	$html=preg_replace(&#39;#(&\#*\w+)[\x00-\x20]+;#u&#39;,"\\1;",$html);
	$html=preg_replace(&#39;#(&\#x*)([0-9A-F]+);*#iu&#39;,"\\1\\2;",$html);
	$html=preg_replace("/%u0([a-z0-9]{3})/i", "&#x\\1;", $html);
	$html=preg_replace("/%([a-z0-9]{2})/i", "&#x\\1;", $html);
  	$html=str_replace(array(&#39;<?&#39;,&#39;?>&#39;),array(&#39;<?&#39;,&#39;?>&#39;),$html);
    $html=preg_replace(&#39;#\t+#&#39;,&#39; &#39;,$html);
	$scripts=array(&#39;javascript&#39;,&#39;vbscript&#39;,&#39;script&#39;,&#39;applet&#39;,&#39;alert&#39;,&#39;document&#39;,&#39;write&#39;,&#39;cookie&#39;,&#39;window&#39;);
	foreach($scripts as $script){
		$temp_str="";
		for($i=0;$i<strlen($script);$i++){
			$temp_str.=substr($script,$i,1)."\s*";
		}
		$temp_str=substr($temp_str,0,-3);
		$html=preg_replace(&#39;#&#39;.$temp_str.&#39;#s&#39;,$script,$html);
		$html=preg_replace(&#39;#&#39;.ucfirst($temp_str).&#39;#s&#39;,ucfirst($script),$html);
	}
	$html=preg_replace("#<a.+?href=.*?(alert\(|alert&\#40;|javascript\:|window\.|document\.|\.cookie|<script|<xss).*?\>.*?</a>#si", "", $html);
	$html=preg_replace("#<img.+?src=.*?(alert\(|alert&\#40;|javascript\:|window\.|document\.|\.cookie|<script|<xss).*?\>#si", "", $html);
	$html=preg_replace("#<(script|xss).*?\>#si", "<\\1>", $html);
	$html=preg_replace(&#39;#(<[^>]*?)(onblur|onchange|onclick|onfocus|onload|onmouseover|onmouseup|onmousedown|onselect|onsubmit|onunload|onkeypress|onkeydown|onkeyup|onresize)[^>]*>#is&#39;,"\\1>",$html);
	//$html=preg_replace(&#39;#<(/*\s*)(alert|applet|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|layer|link|meta|object|plaintext|style|script|textarea|title|xml|xss)([^>]*)>#is&#39;, "<\\1\\2\\3>", $html);
	$html=preg_replace(&#39;#<(/*\s*)(alert|applet|basefont|base|behavior|bgsound|blink|body|expression|form|frameset|frame|head|html|ilayer|iframe|input|layer|link|meta|object|plaintext|style|script|textarea|title|xml|xss)([^>]*)>#is&#39;, "<\\1\\2\\3>", $html);
	$html=preg_replace(&#39;#(alert|cmd|passthru|eval|exec|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)#si&#39;, "\\1\\2(\\3)", $html);
	$bad=array(
	&#39;document.cookie&#39;	=> &#39;&#39;,
	&#39;document.write&#39;	=> &#39;&#39;,
	&#39;window.location&#39;	=> &#39;&#39;,
	"javascript\s*:"	=> &#39;&#39;,
	"Redirect\s+302"	=> &#39;&#39;,
	&#39;<!--&#39;				=> &#39;<!--&#39;,
	&#39;-->&#39;				=> &#39;-->&#39;
	);
	foreach ($bad as $key=>$val){
		$html=preg_replace("#".$key."#i",$val,$html);
	}
    return	$html;
  }
  //过滤html标签以及敏感字符

  function cleanHtml($html){
  	return cleanYellow(htmlspecialchars($html));
  }
  //过滤部分HTML标签

  function cleanFilter($html){
  	$html=trim($html);
  	$html=preg_replace("/<p[^>]*?>/is","<p>",$html);
  	$html=preg_replace("/<div[^>]*?>/is","<div>",$html);
  	$html=preg_replace("/<ul[^>]*?>/is","<ul>",$html);
  	$html=preg_replace("/<li[^>]*?>/is","<li>",$html);
  	$html=preg_replace("/<span[^>]*?/is","<span>",$html);
  	$html=preg_replace("/<a[^>]*?>(.*)?<\/a>/is","\${1}",$html);
  	$html=preg_replace("/<table[^>]*?>/is","<table>",$html);
  	$html=preg_replace("/<tr[^>]*?>/is","<tr>",$html);
  	$html=preg_replace("/<td[^>]*?>/is","<td>",$html);
  	$html=preg_replace("/<ol[^>]*?>/is","<ol>",$html);
  	$html=preg_replace("/<form[^>]*?>/is","",$html);
  	$html=preg_replace("/<input[^>]*?>/is","",$html);
  	return $html;
  }
  //过滤非法的敏感字符串
  function cleanYellow($txt){
  	$txt=str_replace(
  	array("黄色","性爱","做爱","我日","我草","我靠","尻","共产党","胡锦涛","毛泽东",
  	"政府","中央","研究生考试","性生活","色情","情色","我考","麻痹","妈的","阴道",
  	"淫","奸","阴部","爱液","阴液","臀","色诱","煞笔","傻比","阴茎","法轮功","性交","阴毛","江泽民"),
  	array("*1*","*2*","*3*","*4*","*5*","*6*","*7*","*8*","*9*","*10*",
  	"*11*","*12*","*13*","*14*","*15*","*16*","*17*","*18*","*19*","*20*",
  	"*21*","*22*","*23*","*24*","*25*","*26*","*27*","*28*","*29*","*30*","*31*","*32*","*33*","*34*"),
  	$txt);
  	return $txt;
  }
  //过滤敏感字符串以及恶意代码
  function cleanAll($html){
  	return cleanYellow(cleanJsCss($html));
  }
  //全半角字符替换
  function setFilter($html){
  		$arr=array(&#39;0&#39; => &#39;0&#39;, &#39;1&#39; => &#39;1&#39;, &#39;2&#39; => &#39;2&#39;, &#39;3&#39; => &#39;3&#39;, &#39;4&#39; => &#39;4&#39;,
                 &#39;5&#39; => &#39;5&#39;, &#39;6&#39; => &#39;6&#39;, &#39;7&#39; => &#39;7&#39;, &#39;8&#39; => &#39;8&#39;, &#39;9&#39; => &#39;9&#39;,
                 &#39;A&#39; => &#39;A&#39;, &#39;B&#39; => &#39;B&#39;, &#39;C&#39; => &#39;C&#39;, &#39;D&#39; => &#39;D&#39;, &#39;E&#39; => &#39;E&#39;,
                 &#39;F&#39; => &#39;F&#39;, &#39;G&#39; => &#39;G&#39;, &#39;H&#39; => &#39;H&#39;, &#39;I&#39; => &#39;I&#39;, &#39;J&#39; => &#39;J&#39;,
                 &#39;K&#39; => &#39;K&#39;, &#39;L&#39; => &#39;L&#39;, &#39;M&#39; => &#39;M&#39;, &#39;N&#39; => &#39;N&#39;, &#39;O&#39; => &#39;O&#39;,
                 &#39;P&#39; => &#39;P&#39;, &#39;Q&#39; => &#39;Q&#39;, &#39;R&#39; => &#39;R&#39;, &#39;S&#39; => &#39;S&#39;, &#39;T&#39; => &#39;T&#39;,
                 &#39;U&#39; => &#39;U&#39;, &#39;V&#39; => &#39;V&#39;, &#39;W&#39; => &#39;W&#39;, &#39;X&#39; => &#39;X&#39;, &#39;Y&#39; => &#39;Y&#39;,
                 &#39;Z&#39; => &#39;Z&#39;, &#39;a&#39; => &#39;a&#39;, &#39;b&#39; => &#39;b&#39;, &#39;c&#39; => &#39;c&#39;, &#39;d&#39; => &#39;d&#39;,
                 &#39;e&#39; => &#39;e&#39;, &#39;f&#39; => &#39;f&#39;, &#39;g&#39; => &#39;g&#39;, &#39;h&#39; => &#39;h&#39;, &#39;i&#39; => &#39;i&#39;,
                 &#39;j&#39; => &#39;j&#39;, &#39;k&#39; => &#39;k&#39;, &#39;l&#39; => &#39;l&#39;, &#39;m&#39; => &#39;m&#39;, &#39;n&#39; => &#39;n&#39;,
                 &#39;o&#39; => &#39;o&#39;, &#39;p&#39; => &#39;p&#39;, &#39;q&#39; => &#39;q&#39;, &#39;r&#39; => &#39;r&#39;, &#39;s&#39; => &#39;s&#39;,
                 &#39;t&#39; => &#39;t&#39;, &#39;u&#39; => &#39;u&#39;, &#39;v&#39; => &#39;v&#39;, &#39;w&#39; => &#39;w&#39;, &#39;x&#39; => &#39;x&#39;,
                 &#39;y&#39; => &#39;y&#39;, &#39;z&#39; => &#39;z&#39;,
                 &#39;(&#39; => &#39;(&#39;, &#39;)&#39; => &#39;)&#39;, &#39;〔&#39; => &#39;[&#39;, &#39;〕&#39; => &#39;]&#39;, &#39;【&#39; => &#39;[&#39;,
                 &#39;】&#39; => &#39;]&#39;, &#39;〖&#39; => &#39;[&#39;, &#39;〗&#39; => &#39;]&#39;, &#39;“&#39; => &#39;[&#39;, &#39;”&#39; => &#39;]&#39;,
                 &#39;‘&#39; => &#39;[&#39;, &#39;’&#39; => &#39;]&#39;, &#39;{&#39; => &#39;{&#39;, &#39;}&#39; => &#39;}&#39;, &#39;《&#39; => &#39;<&#39;,
                 &#39;》&#39; => &#39;>&#39;,
                 &#39;%&#39; => &#39;%&#39;, &#39;+&#39; => &#39;+&#39;, &#39;—&#39; => &#39;-&#39;, &#39;-&#39; => &#39;-&#39;, &#39;~&#39; => &#39;-&#39;,
                 &#39;:&#39; => &#39;:&#39;, &#39;。&#39; => &#39;.&#39;, &#39;、&#39; => &#39;,&#39;, &#39;,&#39; => &#39;.&#39;, &#39;、&#39; => &#39;.&#39;,
                 &#39;;&#39; => &#39;,&#39;, &#39;?&#39; => &#39;?&#39;, &#39;!&#39; => &#39;!&#39;, &#39;…&#39; => &#39;-&#39;, &#39;‖&#39; => &#39;|&#39;,
                 &#39;”&#39; => &#39;"&#39;, &#39;’&#39; => &#39;`&#39;, &#39;‘&#39; => &#39;`&#39;, &#39;|&#39; => &#39;|&#39;, &#39;〃&#39; => &#39;"&#39;,
                 &#39; &#39; => &#39; &#39;);
    	return	strtr($html,$arr);
  }

推荐学习:《PHP视频教程

Déclaration:
Cet article est reproduit dans:. en cas de violation, veuillez contacter admin@php.cn Supprimer