
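PHP security filter function code

php · 搞代码 · 4 years ago (2022-01-24) · 29 views · indexed · 0 comments

PHP security filter functions, intended to prevent users from submitting malicious input.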

```php
<?php
// Safely filter input
function check_str($string, $isurl = false)
{
    // Strip ASCII control characters (tab, LF and CR are outside this range)
    $string = preg_replace('/[\\x00-\\x08\\x0B\\x0C\\x0E-\\x1F]/', '', $string);
    // Remove NUL bytes, URL-encoded NUL and carriage returns
    $string = str_replace(array("\0", "%00", "\r"), '', $string);
    // Unless the value is a URL, encode any "&" that does not already start an entity
    empty($isurl) && $string = preg_replace("/&(?!(#[0-9]+|[a-z]+);)/si", '&amp;', $string);
    // Encode angle brackets, including their URL-encoded forms
    $string = str_replace(array("%3C", '<'), '&lt;', $string);
    $string = str_replace(array("%3E", '>'), '&gt;', $string);
    // Encode quotes; tabs become spaces, and spaces become &nbsp;
    $string = str_replace(array('"', "'", "\t", ' '), array('&quot;', '&#39;', ' ', '&nbsp;'), $string);
    return trim($string);
}
```
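`check_str` encodes a value once, on input, for an HTML context (with `$isurl` as the only switch), so the same stored string is later reused in attributes, URLs and scripts where that encoding does not fit. The following is an added example, not code from the original page: it keeps the raw value and encodes it at the point of output for each context. The helper names `esc_html`, `esc_url_param`, `esc_js` and the sample value are constructed for illustration.

```php
<?php
// Added example: encode per output context instead of once on input.
// Helper names and the sample value are constructed for illustration.

function esc_html(string $s): string {
    // ENT_QUOTES encodes both quote types (safe inside quoted attributes);
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function esc_url_param(string $s): string {
    // Percent-encode a single query-string value
    return rawurlencode($s);
}

function esc_js(string $s): string {
    // JSON_HEX_* keeps <, >, &, ' and " out of the emitted string literal
    return json_encode(
        $s,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Constructed sample: the raw value as it would be stored
$raw = "Tom & \"Jerry\" <b>it's 50% off</b>";

echo '<p>' . esc_html($raw) . "</p>\n";                                // HTML body
echo '<input value="' . esc_html($raw) . "\">\n";                      // quoted attribute
echo '<a href="/search?q=' . esc_url_param($raw) . "\">search</a>\n";  // URL parameter
echo '<script>var title = ' . esc_js($raw) . ";</script>\n";           // JavaScript string
```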

Below are some filter functions collected for reference:

```php
<?php
// The page shows only the methods; the class name is an illustrative wrapper.
class SecurityFilter
{
    /**
     * Security filter - strips javascript, css, iframes, object and other unsafe
     * content. High filtering level.
     * Usage in a Controller: $this->controller->fliter_script($value)
     * @param  string $value value to filter
     * @return string
     */
    function fliter_script($value) {
        // Break inline event-handler names such as onclick, onload
        $value = preg_replace("/(javascript:)?on(click|load|key|mouse|error|abort|move|unload|change|dblclick|move|reset|resize|submit)/i", "&111n\\2", $value);
        // Remove <script> and <iframe> blocks
        $value = preg_replace("/<script(.*?)>(.*?)<\/script>/si", "", $value);
        $value = preg_replace("/<iframe(.*?)>(.*?)<\/iframe>/si", "", $value);
        // The pattern body is missing on the page; this assumes it removed <object>
        // blocks like the two rules above. The /e modifier is dropped: PHP 7+ rejects it.
        $value = preg_replace("/<object.+<\/object>/isU", '', $value);
        return $value;
    }

    /**
     * Security filter - encodes HTML tags
     * Usage in a Controller: $this->controller->fliter_html($value)
     * @param  string $value value to filter
     * @return string
     */
    function fliter_html($value) {
        if (function_exists('htmlspecialchars')) return htmlspecialchars($value);
        return str_replace(array("&", '"', "'", "<", ">"), array("&amp;", "&quot;", "&#039;", "&lt;", "&gt;"), $value);
    }

    /**
     * Security filter - filters incoming data to guard against SQL injection
     * (the listed keywords are removed)
     * Usage in a Controller: $this->controller->fliter_sql($value)
     * @param  string $value value to filter
     * @return string
     */
    function fliter_sql($value) {
        // str_replace is case-sensitive and matches literally: the entries written
        // with backslashes only match input that contains those backslashes.
        $sql = array("select", 'insert', "update", "delete", "\'", "\/\*",
            "\.\.\/", "\.\/", "union", "into", "load_file", "outfile");
        $sql_re = array("", "", "", "", "", "", "", "", "", "", "", "");
        return str_replace($sql, $sql_re, $value);
    }

    /**
     * Security filter - general data filtering
     * Usage in a Controller: $this->controller->fliter_escape($value)
     * @param  string $value variable to filter
     * @return string|array
     */
    function fliter_escape($value) {
        if (is_array($value)) {
            foreach ($value as $k => $v) {
                $value[$k] = self::fliter_str($v);
            }
        } else {
            $value = self::fliter_str($value);
        }
        return $value;
    }

    /**
     * Security filter - string filtering, encodes special and dangerous characters
     * Usage in a Controller: $this->controller->fliter_str($value)
     * @param  string $value value to filter
     * @return string
     */
    function fliter_str($value) {
        $badstr = array("\0", "%00", "\r", '&', ' ', '"', "'", "<", ">", "   ", "%3C", "%3E");
        $newstr = array('', '', '', '&amp;', '&nbsp;', '&quot;', '&#39;', "&lt;", "&gt;", "   ", "&lt;", "&gt;");
        $value  = str_replace($badstr, $newstr, $value);
        // Undo the double encoding of numeric entities that were already present
        $value  = preg_replace('/&amp;((#(\d{3,5}|x[a-fA-F0-9]{4}));)/', '&\\1', $value);
        return $value;
    }

    /**
     * Private path safety check
     * Usage in a Controller: $this->controller->filter_dir($fileName)
     * @param  string $fileName
     * @return string|false the file name, or false if it contains ':/', NUL or '..'
     */
    function filter_dir($fileName) {
        $tmpname = strtolower($fileName);
        $temp = array(':/', "\0", "..");
        if (str_replace($temp, '', $tmpname) !== $tmpname) {
            return false;
        }
        return $fileName;
    }

    /**
     * Filter a directory path
     * Usage in a Controller: $this->controller->filter_path($path)
     * @param  string $path
     * @return string
     */
    public function filter_path($path) {
        $path = str_replace(array("'", '#', '=', '`', '$', '%', '&', ';'), '', $path);
        // Collapse repeated slashes and turn backslashes into a single forward slash
        return rtrim(preg_replace('/(\/){2,}|(\\\){1,}/', '/', $path), '/');
    }

    /**
     * Filter PHP tags
     * Usage in a Controller: $this->controller->filter_phptag($string)
     * @param  string $string
     * @return string
     */
    public function filter_phptag($string) {
        return str_replace(array('<?', '?>'), array('&lt;?', '?&gt;'), $string);
    }

    /**
     * Security filter - reverse function (restores angle brackets for output)
     * Usage in a Controller: $this->controller->str_out($value)
     * @param  string $value value to filter
     * @return string
     */
    public function str_out($value) {
        $badstr = array("<", ">", "%3C", "%3E");
        $newstr = array("&lt;", "&gt;", "&lt;", "&gt;");
        $value  = str_replace($newstr, $badstr, $value);
        return stripslashes($value); // strip backslashes
    }
}
```
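Keyword stripping such as `fliter_sql` alters ordinary text and leaves quoting untouched, whereas a bound parameter keeps the value out of the SQL text entirely. The following is an added example, not code from the original page; it assumes the PDO SQLite driver is available, and the `notes` table, the `fliter_sql_copy` helper name and the sample strings are constructed for illustration.

```php
<?php
// Added example: keyword stripping (as in fliter_sql) beside a bound parameter.
// Table, helper name and sample values are constructed for illustration.

function fliter_sql_copy(string $value): string {
    // Same keyword list as fliter_sql on this page
    $sql = array("select", 'insert', "update", "delete", "\'", "\/\*",
                 "\.\.\/", "\.\/", "union", "into", "load_file", "outfile");
    return str_replace($sql, '', $value);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)');

$samples = array(
    "Please update the selection list",    // ordinary text containing listed words
    "O'Brien asked to delete his account", // a plain apostrophe
    "UNION meeting at 5",                  // upper-case keyword
);

// The statement text is fixed; user data travels only as a bound value.
$insert = $pdo->prepare('INSERT INTO notes (body) VALUES (:body)');
$latest = $pdo->prepare('SELECT body FROM notes ORDER BY id DESC LIMIT 1');

foreach ($samples as $input) {
    $filtered = fliter_sql_copy($input);

    $insert->execute(array(':body' => $input));
    $latest->execute();
    $stored = $latest->fetchColumn();

    printf(
        "input    : %s\nfiltered : %s\nstored   : %s\nintact   : %s\n\n",
        $input,
        $filtered,                          // words removed, apostrophe and UNION untouched
        $stored,
        $stored === $input ? 'yes' : 'no'   // bound value round-trips unchanged
    );
}
```

The filtered column shows legitimate text being damaged ("selection" loses "select") while the apostrophe and the upper-case keyword pass through, and the stored column shows the bound value round-tripping byte for byte.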

