php过滤form表单提交的危险字符几个代码
//php过滤form表单提交的危险字符
//处理提交的数据
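/**
 * Escape untrusted form input for insertion into the body of an HTML element.
 *
 * Despite the name this function ENCODES: markup is removed and the remaining
 * HTML metacharacters are entity-encoded. The result is for an HTML text
 * context only — attribute, URL and JavaScript contexts need their own escaping.
 *
 * This replaces the original blocklist, which stripped "?", "%", "select",
 * "union", "drop", ... from the input. Keyword stripping does not stop SQL
 * injection: str_replace() is case-sensitive ("SELECT" passed straight
 * through), a single pass is defeated by nesting ("selselectect" -> "select"),
 * and it silently corrupts legitimate text ("I like it" -> "I  it"). SQL
 * injection is prevented at the query, with prepared statements and bound
 * parameters — input must not be mangled for that purpose. The original also
 * built two regex arrays ($farr/$tarr) that were never applied; they are gone.
 *
 * @param string|null $str raw submitted value (other scalars are cast to string)
 * @return string escaped text; "" for null or the empty string
 */
function htmldecode($str) {
    // Only null and "" mean "nothing submitted". The original used empty(),
    // which also swallowed the legitimate value "0".
    if ($str === null || $str === '') {
        return '';
    }
    $str = (string) $str;
    // Drop any markup the client sent. Note this is lossy for plain text such
    // as "1<2 and 3>1"; the entity encoding below is what actually prevents XSS.
    $str = strip_tags($str);
    // ENT_QUOTES encodes ' as well as " (before PHP 8.1 the default flags left
    // ' alone, which is unsafe inside single-quoted attributes); ENT_SUBSTITUTE
    // replaces invalid UTF-8 instead of returning "" for the whole string.
    $str = htmlspecialchars($str, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // Keep line breaks visible when the result is rendered.
    return nl2br($str);
}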
另外:
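/**
 * Neutralise the most common script vectors in an untrusted HTML fragment.
 *
 * Three passes, in order: collapse runs of whitespace (including newlines) to
 * one space; remove opening/closing <script>, <frame>/<iframe>, <style>,
 * <html>, <body>, <title>, <link>, <meta> tags and "<?" / "<%" openers; remove
 * any tag that carries an inline event handler (onclick=, onerror=, ...).
 *
 * NOTE(review): this is a blocklist and is NOT sufficient to make untrusted
 * HTML safe. Not covered: javascript: URLs in href/src/action, <object>,
 * <embed>, <base>, <form>, SVG/MathML vectors, or malformed markup that the
 * browser repairs differently from these regexes. Where the input should hold
 * no HTML at all, escape it with htmlspecialchars() instead; where rich HTML is
 * required, use an allowlist-based purifier. The event-handler pass also removes
 * legitimate tags whose attribute value happens to contain "on...=" (for
 * example href="money=1").
 *
 * Changes from the original listing: patterns and replacements are
 * single-quoted — in a double-quoted PHP string "\1" is an octal escape for
 * chr(1), so the original replacements "<\1\2\3>" and "\1\2" wrote control
 * bytes into the output instead of back-references; matched tags are removed
 * outright (re-emitting "<\1\2\3>" as intended would have been a no-op, and
 * keeping a tag while stripping one "on*=" would leave a second handler in
 * place); and a comment line wrapped onto its own line, which broke the syntax
 * of the listing, is fixed.
 *
 * @param string $str untrusted HTML fragment (other scalars are cast to string)
 * @return string filtered fragment; "" if PCRE fails (e.g. backtrack limit)
 */
function uhtml($str)
{
    $patterns = [
        // Collapse all whitespace runs.
        '/\s+/',
        // Dangerous / document-level tags, opening or closing, any attributes.
        '/<(\/?)(script|i?frame|style|html|body|title|link|meta|\?|\%)([^>]*?)>/isU',
        // Any tag containing an inline event handler.
        '/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU',
    ];
    $replacements = [
        ' ',
        '', // drop the tag entirely
        '', // drop the whole tag: it may carry several on*= attributes
    ];
    $out = preg_replace($patterns, $replacements, (string) $str);
    // preg_replace() returns null on a PCRE error; fail closed rather than
    // hand back the unfiltered input.
    return $out === null ? '' : $out;
}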
======================================
php获取前端提交数据类:支持危险数据过滤
代码:
/**
 * @desc: Collect the data submitted by the client (query string, form body or
 *        JSON body) into one array and apply basic input filtering. This does
 *        not replace escaping at the point of use: prepared statements for SQL,
 *        htmlspecialchars() for HTML, escapeshellarg() for shell commands.
 * @author [Lee] <[<complet@163.com>]>
 */
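class getrequest{
    /**
     * Normalise submitted data, recursing into nested arrays.
     *
     * Strings are trimmed; non-string scalars (ints, bools, null from a JSON
     * body) are returned unchanged so their type survives.
     *
     * The original also ran addslashes() on every value. That is not a SQL
     * injection defence — it does nothing for numeric contexts and is known to
     * be bypassable under some multibyte connection charsets — and it corrupts
     * data once queries use prepared statements (the backslashes get stored).
     * Escaping belongs at the sink: bound parameters for SQL, htmlspecialchars()
     * for HTML, escapeshellarg() for shell. It has therefore been removed.
     *
     * @param mixed $data decoded request parameters; non-arrays yield []
     * @return array same shape as the input, with string leaves trimmed
     */
    private function safetydata($data){
        if (!is_array($data)) {
            return [];
        }
        foreach ($data as $key => $value) {
            if (is_array($value)) {
                $data[$key] = $this->safetydata($value);
            } elseif (is_string($value)) {
                $data[$key] = trim($value);
            }
        }
        return $data;
    }

    /**
     * Read the request parameters according to the request type.
     *
     * - Content-Type application/json (parameters such as "; charset=utf-8" are
     *   ignored): the raw body is JSON-decoded; anything that does not decode to
     *   an array yields [].
     * - POST: $_POST (PHP has already parsed urlencoded and multipart bodies).
     * - GET: $_GET.
     * - Anything else (PUT, DELETE, ...): the raw body is parsed as a query string.
     *
     * Fixes relative to the original: the Content-Type is compared without its
     * parameters, so "application/json; charset=utf-8" is recognised; a GET
     * request that happens to carry a form Content-Type no longer lands in the
     * $_POST branch; a missing CONTENT_TYPE / REQUEST_METHOD no longer raises
     * warnings; the result is always an array.
     *
     * @return array trimmed request data (see safetydata())
     */
    public function getrequestdata(){
        // NOTE(review): some SAPIs expose the header as HTTP_CONTENT_TYPE
        // instead of CONTENT_TYPE — confirm for the server in use.
        $rawType = $_SERVER['CONTENT_TYPE'] ?? $_SERVER['HTTP_CONTENT_TYPE'] ?? '';
        // Keep only the media type: "application/json; charset=utf-8" -> "application/json".
        $contenttype = strtolower(trim(explode(';', (string) $rawType, 2)[0]));
        $method = strtoupper($_SERVER['REQUEST_METHOD'] ?? 'GET');

        if ($contenttype === 'application/json') {
            $decoded = json_decode((string) file_get_contents('php://input'), true);
            // Malformed JSON or a scalar top-level value: treat as "no parameters"
            // rather than letting the caller iterate a non-array.
            $data = is_array($decoded) ? $decoded : [];
        } elseif ($method === 'POST') {
            $data = $_POST;
        } elseif ($method === 'GET') {
            $data = $_GET;
        } else {
            parse_str((string) file_get_contents('php://input'), $data);
        }
        return $this->safetydata($data);
    }
}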
用法:
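// Usage (debugging only).
// var_dump() writes the submitted values back verbatim, so a page that runs this
// with the default text/html response type reflects attacker-controlled input
// straight into the browser. Declare the response as plain text so the browser
// never interprets it as markup, and remove the dump before deploying.
if (!headers_sent()) {
    header('Content-Type: text/plain; charset=utf-8');
}
$getrequest = new getrequest();
$data = $getrequest->getrequestdata();
var_dump($data);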