PHP security filter function code
// Safe input filter [jb]
function check_str($string, $isurl = false)
{
    // Drop ASCII control characters other than \t, \n and \r
    $string = preg_replace("/[\\x00-\\x08\\x0B\\x0C\\x0E-\\x1F]/", "", $string);
    // Drop NUL bytes (raw and URL-encoded) and carriage returns
    $string = str_replace(array("\0", "%00", "\r"), "", $string);
    // Unless the value is a URL, encode every & that does not already start an entity
    empty($isurl) && $string = preg_replace("/&(?!(#[0-9]+|[a-z]+);)/si", "&amp;", $string);
    // Encode angle brackets, raw or URL-encoded
    $string = str_replace(array("%3C", "<"), "&lt;", $string);
    $string = str_replace(array("%3E", ">"), "&gt;", $string);
    // Quotes become typographic entities; a tab and a double space become &nbsp; runs
    // (the &nbsp; values are reconstructed: the page's rendered copy shows them as blank)
    $string = str_replace(array('"', "'", "\t", "  "),
        array("&ldquo;", "&lsquo;", "&nbsp;&nbsp;&nbsp;&nbsp;", "&nbsp;&nbsp;"), $string);
    return trim($string);
}
Below are some filter functions collected for reference:
// Class wrapper added so the methods run as written; the usage notes below call
// them through $this->controller, i.e. they are methods of a controller helper class.
class SafeFilter
{
    /**
     * Security filter class - strips javascript, css, iframes, object and other unsafe content (high filter level)
     * Usage in a Controller: $this->controller->fliter_script($value)
     * @param  string $value the value to filter
     * @return string
     */
    public function fliter_script($value)
    {
        // Break inline event handlers: "onclick" becomes "&#111;nclick", which is not an attribute name
        // (the page's copy shows "&111n"; the entity form is the evident intent)
        $value = preg_replace("/(javascript:)?on(click|load|key|mouse|error|abort|move|unload|change|dblclick|move|reset|resize|submit)/i", "&#111;n\\2", $value);
        // Remove <script> and <iframe> blocks (the opening tags were stripped from the page's copy and are restored here)
        $value = preg_replace("/<script(.*?)<\/script>/si", "", $value);
        $value = preg_replace("/<iframe(.*?)<\/iframe>/si", "", $value);
        // Remove <object> blocks; the original used the /e modifier, which PHP 7 removed
        $value = preg_replace("/<object.+<\/object>/isU", "", $value);
        return $value;
    }

    /**
     * Security filter class - encodes HTML tags
     * Usage in a Controller: $this->controller->fliter_html($value)
     * @param  string $value the value to filter
     * @return string
     */
    public function fliter_html($value)
    {
        if (function_exists("htmlspecialchars")) return htmlspecialchars($value);
        return str_replace(array("&", '"', "'", "<", ">"),
            array("&amp;", "&quot;", "&#39;", "&lt;", "&gt;"), $value);
    }

    /**
     * Security filter class - strips SQL keywords and path fragments from incoming data to hinder SQL injection
     * Usage in a Controller: $this->controller->fliter_sql($value)
     * @param  string $value the value to filter
     * @return string
     */
    public function fliter_sql($value)
    {
        // str_replace matches literally, so the regex-style escapes the original used ("\/\*") never matched;
        // plain strings are used here. Note the match is case-sensitive and keyword stripping is no
        // substitute for prepared statements.
        $sql = array("select", "insert", "update", "delete", "'", "/*",
            "../", "./", "union", "into", "load_file", "outfile");
        $sql_re = array("", "", "", "", "", "", "", "", "", "", "", "");
        return str_replace($sql, $sql_re, $value);
    }

    /**
     * Security filter class - generic data filter
     * Usage in a Controller: $this->controller->fliter_escape($value)
     * @param  string|array $value the variable to filter
     * @return string|array
     */
    public function fliter_escape($value)
    {
        if (is_array($value)) {
            foreach ($value as $k => $v) {
                $value[$k] = $this->fliter_str($v);
            }
        } else {
            $value = $this->fliter_str($value);
        }
        return $value;
    }

    /**
     * Security filter class - string filter, removes or encodes special harmful characters
     * Usage in a Controller: $this->controller->fliter_str($value)
     * @param  string $value the value to filter
     * @return string
     */
    public function fliter_str($value)
    {
        // The entity values are reconstructed: the page's rendered copy decoded them back to raw characters
        $badstr = array("\0", "%00", "\r", "&", " ", '"', "'", "<", ">", "   ", "%3C", "%3E");
        $newstr = array("", "", "", "&amp;", "&nbsp;", "&quot;", "&#39;", "&lt;", "&gt;", "&nbsp;&nbsp;&nbsp;", "&lt;", "&gt;");
        $value = str_replace($badstr, $newstr, $value);
        // Undo the double encoding of numeric character references (&amp;#123; back to &#123;)
        $value = preg_replace("/&amp;((#(\d{3,5}|x[a-fA-F0-9]{4}));)/", "&\\1", $value);
        return $value;
    }

    /**
     * Private path safety check
     * Usage in a Controller: $this->controller->filter_dir($fileName)
     * @param  string $fileName
     * @return string|false the file name, or false if it contains ":/", a NUL byte or ".."
     */
    public function filter_dir($fileName)
    {
        $tmpname = strtolower($fileName);
        $temp = array(":/", "\0", "..");
        if (str_replace($temp, "", $tmpname) !== $tmpname) {
            return false;
        }
        return $fileName;
    }

    /**
     * Filter a directory path
     * Usage in a Controller: $this->controller->filter_path($path)
     * @param  string $path
     * @return string
     */
    public function filter_path($path)
    {
        $path = str_replace(array("'", "#", "=", "`", "$", "%", "&", ";"), "", $path);
        // Collapse runs of slashes, turn backslashes into a slash, and drop the trailing slash
        return rtrim(preg_replace('/(\/){2,}|(\\\\){1,}/', "/", $path), "/");
    }

    /**
     * Filter PHP tags
     * Usage in a Controller: $this->controller->filter_phptag($string)
     * @param  string $string
     * @return string
     */
    public function filter_phptag($string)
    {
        // Search values restored: the page's copy lost the "<?" and "?>" entries
        return str_replace(array("<?", "?>"), array("&lt;?", "?&gt;"), $string);
    }

    /**
     * Security filter class - output function, decodes angle brackets again
     * Usage in a Controller: $this->controller->str_out($value)
     * @param  string $value the value to decode
     * @return string
     */
    public function str_out($value)
    {
        $badstr = array("<", ">", "%3C", "%3E");
        $newstr = array("&lt;", "&gt;", "&lt;", "&gt;");
        // Note the argument order: entities in $newstr are replaced by the raw characters in $badstr
        $value = str_replace($newstr, $badstr, $value);
        return stripslashes($value); // remove escaping backslashes before output
    }
}
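The filters above work by stripping or rewriting input on the way in. As an added example (not part of the original page or its project), the same three contexts handled at the point of use instead: HTML escaping on output, a bound SQL parameter, and a resolved-path prefix check. The names html_out, find_user and safe_path are hypothetical, and the SQLite database and temp directory are constructed for the demo.

```php
<?php
// Added example (not part of the original page): the three contexts the filters
// above target, handled by encoding or parameterising at the point of use instead
// of stripping characters and keywords from the input on the way in.
// Assumes PHP >= 7.4 with the PDO SQLite driver; all values are constructed.
declare(strict_types=1);

// HTML context: encode when rendering, keep the stored value intact.
// ENT_QUOTES also covers the single quote that fliter_html's fallback maps by hand.
function html_out(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// SQL context: bind the value so it never becomes part of the SQL text; no
// keyword list is needed, and a name fliter_sql would mangle round-trips intact.
function find_user(PDO $db, string $name): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Filesystem context: resolve the candidate and require it to stay under the base
// directory, instead of rejecting only ":/", "\0" and ".." as filter_dir does.
function safe_path(string $base, string $name): ?string
{
    $baseReal = realpath($base);
    $target   = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($baseReal === false || $target === false) {
        return null;
    }
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->prepare('INSERT INTO users (name) VALUES (:n)')->execute([':n' => "O'Reilly's Union"]);

echo html_out('<b onclick="x">O\'Reilly & Co</b>'), PHP_EOL;
print_r(find_user($db, "O'Reilly's Union"));  // the stored row, quote and keyword intact
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'filter_demo_' . getmypid();
mkdir($dir);
touch($dir . DIRECTORY_SEPARATOR . 'notes.txt');
var_dump(safe_path($dir, 'notes.txt'), safe_path($dir, '../notes.txt'));  // second candidate leaves $dir
unlink($dir . DIRECTORY_SEPARATOR . 'notes.txt');
rmdir($dir);
```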