


php安全过滤函数代码

PHP安全代码 函数 过滤
2023-06-13 09:14:28 时间

代码如下:


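// Generic input sanitiser ("safe input filter [jb]" in the original listing).
//
// Reconstructed from an HTML-decoded copy of the listing: the entity names in
// the replacement strings (&amp;, &lt;, &gt;) had been rendered as bare
// characters, which made those replacements no-ops and left the array in the
// last str_replace() unparsable.
//
// This is a blacklist-style cleaner applied on input; it does not replace
// context-specific output escaping (htmlspecialchars for HTML) or bound
// parameters for SQL.
//
// @param string $string  value to clean
// @param bool   $isurl   when non-empty, bare "&" is left alone (URL query strings)
// @return string         cleaned, trimmed value
function check_str($string, $isurl = false)
{
    // Drop ASCII control characters except \t (0x09), \n (0x0A) and \r (0x0D).
    $string = preg_replace("/[\\x00-\\x08\\x0B\\x0C\\x0E-\\x1F]/", "", $string);
    // NUL bytes (raw and URL-encoded) and carriage returns are removed outright.
    $string = str_replace(array("\0", "%00", "\r"), "", $string);
    // Escape "&" unless it already starts a character reference; skipped for
    // URLs, where "&" separates query parameters.
    if (empty($isurl)) {
        $string = preg_replace("/&(?!(#[0-9]+|[a-z]+);)/si", "&amp;", $string);
    }
    // Angle brackets, raw or URL-encoded, become entities.
    $string = str_replace(array("%3C", "<"), "&lt;", $string);
    $string = str_replace(array("%3E", ">"), "&gt;", $string);
    // Quotes become typographic quotes and tabs are dropped. The second search
    // string was unreadable in the page copy; "'" is assumed — confirm upstream.
    // A fourth pair with an empty search string (a no-op in str_replace) is omitted.
    $string = str_replace(array('"', "'", "\t"), array("“", "‘", ""), $string);
    return trim($string);
}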


下面是为大家整理的一些过滤函数:

代码如下:


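/**
 * Security filter: strip <script>, <iframe> and <object> blocks and neutralise
 * inline on* event handlers. Blacklist-based, so treat it as defence in depth
 * only: escape at output (htmlspecialchars) or run untrusted markup through a
 * real HTML sanitiser.
 *
 * Reconstructed from an HTML-decoded copy of the listing in which the opening
 * tags inside the patterns had been swallowed; the <object> pattern is rebuilt
 * from the docblock's mention of "object" — confirm against upstream.
 *
 * Used from a controller as: $this->controller->fliter_script($value)
 *
 * @param string $value  value to filter
 * @return string
 */
function fliter_script($value)
{
    // Group 1 is the optional "javascript:" prefix, group 2 the event name, so
    // "onclick" becomes "&111nclick". "&111n" is what the page prints; a valid
    // numeric reference for "o" would be "&#111;n" — confirm upstream.
    $value = preg_replace("/(javascript:)?on(click|load|key|mouse|error|abort|move|unload|change|dblclick|move|reset|resize|submit)/i", "&111n\\2", $value);
    // Remove whole <script>…</script> and <iframe>…</iframe> blocks (non-greedy, across lines).
    $value = preg_replace("/<script(.*?)<\/script>/si", "", $value);
    $value = preg_replace("/<iframe(.*?)<\/iframe>/si", "", $value);
    // Remove <object>…</object>. The page shows the "e" (eval) modifier here; it
    // was removed in PHP 7 and, with an empty replacement, changed nothing, so it is dropped.
    $value = preg_replace("/<object.+<\/object>/isU", "", $value);
    return $value;
}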

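/**
 * Security filter: escape HTML metacharacters so the value can be rendered as
 * text in an HTML body or attribute.
 *
 * Used from a controller as: $this->controller->fliter_html($value)
 *
 * @param string $value  value to escape
 * @return string
 */
function fliter_html($value)
{
    // ENT_QUOTES is passed explicitly: before PHP 8.1 the default flags left
    // single quotes unescaped, which matters inside single-quoted attributes.
    // ENT_SUBSTITUTE keeps invalid UTF-8 from turning the whole result into "".
    // The listing's str_replace() fallback is dropped: htmlspecialchars() is a
    // core function, so function_exists() was always true and the fallback unreachable.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}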

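/**
 * Security filter: strip a fixed list of SQL keywords and path/comment tokens
 * from a value.
 *
 * This is keyword blacklisting, not an injection defence: it is case-sensitive
 * (so "SELECT" passes), it damages legitimate input ("updated" becomes "d"),
 * and the list is far from complete. Use prepared statements with bound
 * parameters for anything that reaches a query; keep this at most as a
 * logging/heuristic aid. The original docblock said "add an underscore"; the
 * code has always deleted the matches.
 *
 * Used from a controller as: $this->controller->fliter_sql($value)
 *
 * @param string $value  value to filter
 * @return string
 */
function fliter_sql($value)
{
    // The listing wrote "\/\*", "\.\.\/" and "\.\/" (regex-style escapes) in a
    // str_replace() search list, where backslashes are literal, so "/*", "../"
    // and "./" were never matched. The plain tokens are used here.
    $sql = array(
        "select", "insert", "update", "delete", "\"", "/*",
        "../", "./", "union", "into", "load_file", "outfile",
    );
    return str_replace($sql, "", $value);
}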

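/**
 * Security filter: apply fliter_str() to a scalar, or to every element of an
 * array. Nested arrays are handled recursively; the listing only went one
 * level deep.
 *
 * The listing called self::fliter_str(), which only works inside a class; as
 * a free function it calls the sibling fliter_str() defined in this file.
 *
 * Used from a controller as: $this->controller->fliter_escape($value)
 *
 * @param string|array $value  value or array of values to filter
 * @return string|array  same shape as $value
 */
function fliter_escape($value)
{
    if (is_array($value)) {
        foreach ($value as $k => $v) {
            $value[$k] = fliter_escape($v);
        }
        return $value;
    }
    return fliter_str($value);
}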

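/**
 * Security filter: neutralise characters that are dangerous when the value is
 * later echoed into HTML (NUL bytes, raw and URL-encoded angle brackets,
 * quotes, ampersands), then restore numeric character references that the
 * "&" escaping double-encoded.
 *
 * Reconstructed from an HTML-decoded copy of the listing: the entity names in
 * $newstr and in the final pattern had been rendered as bare characters, which
 * left most replacements as no-ops. Two search/replace pairs whose strings were
 * unreadable on the page (probably whitespace to &nbsp;) are omitted, and the
 * "'" search string is assumed — confirm against upstream.
 *
 * Used from a controller as: $this->controller->fliter_str($value)
 *
 * @param string $value  value to filter
 * @return string
 */
function fliter_str($value)
{
    $badstr = array("\0", "%00", "\r", "&", '"', "'", "<", ">", "%3C", "%3E");
    $newstr = array("", "", "", "&amp;", "&quot;", "&#39;", "&lt;", "&gt;", "&lt;", "&gt;");
    $value = str_replace($badstr, $newstr, $value);
    // "&#169;" / "&#x263A;" became "&amp;#169;" / "&amp;#x263A;" above; put the
    // "&" back so existing numeric references (3-5 digits or 4 hex digits)
    // survive. Named references (&amp;, &copy;) stay escaped.
    $value = preg_replace("/&amp;((#(\d{3,5}|x[a-fA-F0-9]{4}));)/", "&\\1", $value);
    return $value;
}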

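/**
 * Path-component check for private directories: rejects names that contain a
 * drive/scheme separator (":/"), a NUL byte or "..".
 *
 * This is a narrow blacklist: absolute paths, backslash separators and
 * percent-encoded forms are not rejected, so the result should still be
 * confined to an allowed base directory (e.g. via realpath()) before use.
 *
 * Used from a controller as: $this->controller->filter_dir($fileName)
 *
 * @param string $fileName
 * @return string|false  the unchanged name, or false when a blocked sequence is
 *                       present (the listing's docblock said "string"; callers must compare with ===)
 */
function filter_dir($fileName)
{
    // None of the blocked sequences contains a letter, so the strtolower() the
    // listing applied before comparing could not change the outcome and is left out.
    $blocked = array(":/", "\0", "..");
    if (str_replace($blocked, "", $fileName) !== $fileName) {
        return false;
    }
    return $fileName;
}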

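/**
 * Normalise a directory path: drop shell/URL metacharacters, collapse runs of
 * "/" and any run of "\" to a single "/", and strip trailing slashes.
 *
 * ".." is not handled here (see filter_dir()), so this alone does not prevent
 * traversal. The listing's docblock said "@return array"; the function has
 * always returned a string.
 *
 * The listing shows this as `public function` (a controller method); it is
 * written as a free function here like the rest of the page.
 *
 * Used from a controller as: $this->controller->filter_path($path)
 *
 * @param string $path
 * @return string
 */
function filter_path($path)
{
    $path = str_replace(array('"', "#", "=", "`", '$', "%", "&", ";"), "", $path);
    // "(\/){2,}" = two or more forward slashes; "(\\\){1,}" reaches PCRE as
    // "(\\){1,}" = one or more backslashes. Both become a single "/".
    return rtrim(preg_replace("/(\/){2,}|(\\\){1,}/", "/", $path), "/");
}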

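/**
 * Escape PHP open/close tags so "<?" and "?>" cannot survive into a file or
 * template that is later executed: "<?" becomes "&lt;?" and "?>" becomes "?&gt;".
 *
 * Reconstructed from an HTML-decoded copy of the listing, in which the HTML
 * parser had swallowed the search strings as a processing instruction and
 * decoded the replacements to bare tags; the recovered mapping is the reverse
 * of what the page printed.
 *
 * The listing shows this as `public function` (a controller method); it is
 * written as a free function here like the rest of the page.
 *
 * Used from a controller as: $this->controller->filter_phptag($string)
 *
 * @param string $string
 * @return string
 */
function filter_phptag($string)
{
    return str_replace(array("<?", "?>"), array("&lt;?", "?&gt;"), $string);
}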

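/**
 * Output-side reverse of the "<"/">" escaping: turns "&lt;" and "&gt;" back
 * into "<" and ">" and removes backslash escaping (stripslashes).
 *
 * Because it re-creates raw angle brackets, the result is unsafe to echo into
 * HTML unescaped; use it only where the stored markup is meant to be rendered
 * as-is. The trailing comment in the listing ("underscore") described
 * stripslashes() incorrectly.
 *
 * Reconstructed from an HTML-decoded copy of the listing in which "&lt;"/"&gt;"
 * had been rendered as bare characters. The page's search list repeated
 * "&lt;"/"&gt;" for the "%3C"/"%3E" replacements; the first pair already
 * consumes every match, so the duplicates are dropped.
 *
 * The listing shows this as `public function` (a controller method); it is
 * written as a free function here like the rest of the page.
 *
 * Used from a controller as: $this->controller->str_out($value)
 *
 * @param string $value
 * @return string
 */
function str_out($value)
{
    $value = str_replace(array("&lt;", "&gt;"), array("<", ">"), $value);
    return stripslashes($value);
}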