整理了php过滤字符串几个例子
发布:smiling 来源: PHP粉丝网 添加日期:2015-04-08 16:34:23 浏览: 评论:0
在PHP中,过滤特殊字符通常用于安全地处理用户提交的数据或过滤敏感词。下面整理了一些常用的例子,供有需要的读者参考。
例子,我们利用preg_replace与str_ireplace来进行替换操作,代码如下:
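/**
 * Encode a request value for output as HTML text.
 *
 * NOTE(review): the copy of this method on the page is damaged ("emptyempty",
 * missing backslashes, entities shown decoded so search and replacement look
 * identical). The literals below are restored on that assumption; confirm
 * them against the original source before relying on them.
 *
 * Removes NUL bytes, the literal text "%00" and carriage returns, converts
 * & " ' < > and the URL-encoded %3C / %3E to entities, then turns
 * "&amp;#NNN;" / "&amp;#xHHHH;" back into numeric character references.
 *
 * This is HTML-text encoding only. It is not SQL escaping (use bound
 * parameters) and it is not sufficient for values placed in script, URL or
 * event-handler contexts.
 *
 * @param mixed $value Raw value; arrays, objects and NULL yield "".
 * @return string Encoded text, "" for blank input.
 */
public static function filterStr( $value )
{
    // Request parameters can arrive as arrays; trim() on one raises an error.
    if ( !is_scalar( $value ) )
    {
        return "";
    }
    // empty() was replaced by an explicit "" test so the value "0" survives.
    $value = trim( (string) $value );
    if ( $value === "" )
    {
        return "";
    }
    $badstr = array( "\x00", "%00", "\r", "&", "\"", "'", "<", ">", "%3C", "%3E" );
    $newstr = array( "", "", "", "&amp;", "&quot;", "&#039;", "&lt;", "&gt;", "&lt;", "&gt;" );
    $value = str_ireplace( $badstr, $newstr, $value );
    // Undo the "&" encoding for numeric character references only.
    return preg_replace( '/&amp;((#(\d{3,5}|x[a-fA-F0-9]{4}));)/', '&\\1', $value );
}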
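/**
 * Recursively trim a value and remove backslash escaping with stripslashes().
 *
 * The argument is taken by reference and, when it is an array, is rewritten
 * in place as well as returned. stripslashes() only undoes escaping that was
 * added earlier; it does not make a value safe for SQL or HTML.
 *
 * @param mixed $_data Scalar or (nested) array of scalars.
 * @return mixed The cleaned string, or the cleaned array.
 */
public static function stripArray( &$_data )
{
    if ( !is_array( $_data ) )
    {
        return stripslashes( trim( (string) $_data ) );
    }
    foreach ( $_data as $_key => $_value )
    {
        $clean = self::stripArray( $_value );
        // Only string leaves are trimmed again; the original passed nested
        // arrays to trim(), which is an error.
        $_data[$_key] = is_array( $clean ) ? $clean : trim( $clean );
    }
    return $_data;
}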
另收藏代码如下:
- <?php
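/**
 * Static accessors for the request superglobals ($_GET, $_POST, $_COOKIE,
 * $_SESSION, $_ENV, $_SERVER) plus helpers that read and filter parameters.
 *
 * Everything returned by the plain getters is raw, client-controlled data.
 * The "filtered" helpers delegate to XFilter, whose methods are character
 * blocklists / HTML encoders; none of them replaces bound SQL parameters or
 * context-aware output encoding.
 *
 * NOTE(review): the page's copy of this class shows "emptyempty" where
 * empty() is meant and has lost backslashes in string literals; both are
 * restored here.
 */
class XRequest
{
    /** Return $bag[$name], or "" when the key is absent. */
    private static function pick( array $bag, $name )
    {
        return isset( $bag[$name] ) ? $bag[$name] : "";
    }

    /** Raw request parameter, POST taking precedence over GET; NULL when neither has it. */
    private static function param( $name )
    {
        if ( isset( $_POST[$name] ) )
        {
            return $_POST[$name];
        }
        if ( isset( $_GET[$name] ) )
        {
            return $_GET[$name];
        }
        return NULL;
    }

    /**
     * Trimmed string form of a raw parameter.
     * A client can send any parameter as an array (name[]=...); trim() on an
     * array is an error, so non-scalars collapse to "".
     */
    private static function text( $raw )
    {
        return is_scalar( $raw ) ? trim( (string) $raw ) : "";
    }

    /** Whole $_POST when $name is empty, otherwise the raw value or "". */
    public static function getPost( $name = "" )
    {
        if ( empty( $name ) )
        {
            return $_POST;
        }
        return self::pick( $_POST, $name );
    }

    /** Whole $_GET when $name is empty, otherwise the raw value or "". */
    public static function getGet( $name = "" )
    {
        if ( empty( $name ) )
        {
            return $_GET;
        }
        return self::pick( $_GET, $name );
    }

    /** Whole $_COOKIE when $name is "", otherwise the raw value or "". */
    public static function getCookie( $name = "" )
    {
        if ( $name == "" )
        {
            return $_COOKIE;
        }
        return self::pick( $_COOKIE, $name );
    }

    /** Whole session array when $name is "", otherwise the stored value or "". */
    public static function getSession( $name = "" )
    {
        // $_SESSION does not exist until a session has been started.
        $session = isset( $_SESSION ) ? $_SESSION : array();
        if ( $name == "" )
        {
            return $session;
        }
        return self::pick( $session, $name );
    }

    /** Whole $_ENV when $name is "", otherwise the value or "". */
    public static function fetchEnv( $name = "" )
    {
        if ( $name == "" )
        {
            return $_ENV;
        }
        return self::pick( $_ENV, $name );
    }

    /** Whole $_SERVER when $name is "", otherwise the value or "". */
    public static function getService( $name = "" )
    {
        if ( $name == "" )
        {
            return $_SERVER;
        }
        return self::pick( $_SERVER, $name );
    }

    /**
     * PHP_SELF with tags stripped. PHP_SELF includes client-supplied path
     * info, and strip_tags() does not escape quotes: encode the result for
     * the context it is printed in (for example a form action attribute).
     */
    public static function getPhpSelf( )
    {
        return strip_tags( self::getService( "PHP_SELF" ) );
    }

    /** SERVER_NAME as reported by the web server. */
    public static function getServiceName( )
    {
        return self::getService( "SERVER_NAME" );
    }

    /** REQUEST_TIME from $_SERVER. */
    public static function getRequestTime( )
    {
        return self::getService( "REQUEST_TIME" );
    }

    /** Raw User-Agent header (client-controlled). */
    public static function getUserAgent( )
    {
        return self::getService( "HTTP_USER_AGENT" );
    }

    /** Raw REQUEST_URI (client-controlled). */
    public static function getUri( )
    {
        return self::getService( "REQUEST_URI" );
    }

    /** TRUE when the request method is POST (case-insensitive). */
    public static function isPost( )
    {
        return strtolower( (string) self::getService( "REQUEST_METHOD" ) ) == "post";
    }

    /** TRUE when the request method is GET (case-insensitive). */
    public static function isGet( )
    {
        return strtolower( (string) self::getService( "REQUEST_METHOD" ) ) == "get";
    }

    /**
     * Heuristic "is this an AJAX call" test.
     * Every signal checked here (two headers and the oe_ajax parameter) is
     * set by the client, so the result is a rendering hint only and must not
     * gate authorization or CSRF checks.
     */
    public static function isAjax( )
    {
        $with = strtolower( (string) self::getService( "HTTP_X_REQUESTED_WITH" ) );
        $type = strtolower( (string) self::getService( "HTTP_REQUEST_TYPE" ) );
        if ( $with == "xmlhttprequest" || $type == "ajax" )
        {
            return TRUE;
        }
        return (bool) ( self::getPost( "oe_ajax" ) || self::getGet( "oe_ajax" ) );
    }

    /**
     * Best-effort client IPv4 address, "0.0.0.0" when none validates.
     *
     * Lookup order is unchanged: X-Forwarded-For, Client-IP, REMOTE_ADDR.
     * The first two are request headers that any client can set, so the
     * result is only trustworthy when the application sits behind a proxy
     * that overwrites them.
     * NOTE(review): no trusted-proxy list is visible here; until one exists,
     * use REMOTE_ADDR for rate limiting, audit logs and access decisions.
     *
     * Changes from the page's version: the value is validated as a whole
     * with filter_var() (the pattern there was anchored only at the end, so
     * arbitrary text ending in an address was returned verbatim), only the
     * validated address is returned, and an invalid header no longer hides
     * a valid REMOTE_ADDR.
     *
     * @return string Dotted-quad IPv4 address.
     */
    public static function getip( )
    {
        foreach ( array( "HTTP_X_FORWARDED_FOR", "HTTP_CLIENT_IP", "REMOTE_ADDR" ) as $key )
        {
            $raw = isset( $_SERVER[$key] ) ? $_SERVER[$key] : getenv( $key );
            if ( !is_string( $raw ) || $raw === "" )
            {
                continue;
            }
            // A forwarded header can hold a comma-separated chain; keep the
            // last entry, which is what the end-anchored pattern examined.
            $chain = explode( ",", $raw );
            $candidate = trim( end( $chain ) );
            if ( filter_var( $candidate, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) !== FALSE )
            {
                return $candidate;
            }
        }
        return "0.0.0.0";
    }

    /**
     * Map path segments onto $_GET: /c/a/key/value/... sets $_GET['c'],
     * $_GET['a'] and one entry per remaining key/value pair (a trailing key
     * without a value gets NULL).
     *
     * Keys and values come straight from the URL path and are as untrusted
     * as any query-string parameter.
     *
     * @return bool Always TRUE.
     */
    protected static function uri( )
    {
        $uri = self::getUri( );
        $base = dirname( $_SERVER['SCRIPT_NAME'] );
        // For a script in the web root dirname() is "/" (or "\" / "."), and
        // removing that string would delete every separator in the URI.
        if ( !in_array( $base, array( "", ".", "/", "\\" ), TRUE ) )
        {
            $uri = str_replace( $base, "", $uri );
        }
        $segments = explode( "/", trim( $uri, "/" ) );
        if ( isset( $segments[0] ) )
        {
            $_GET['c'] = $segments[0];
            unset( $segments[0] );
        }
        if ( isset( $segments[1] ) )
        {
            $_GET['a'] = $segments[1];
            unset( $segments[1] );
        }
        if ( 1 < count( $segments ) )
        {
            $rest = array_values( $segments );
            $total = count( $rest );
            for ( $i = 0; $i < $total; $i += 2 )
            {
                $_GET[$rest[$i]] = isset( $rest[$i + 1] ) ? $rest[$i + 1] : NULL;
            }
        }
        return TRUE;
    }

    /**
     * Read one parameter, or a list of parameters, from POST/GET.
     *
     * @param string|array $value    Parameter name, or list of names.
     * @param bool         $isfliter Only the exact value TRUE applies XFilter::filterStr().
     * @return string|array Trimmed value, or name => value map; missing and
     *                      array-valued parameters come back as "".
     */
    public static function getGpc( $value, $isfliter = TRUE )
    {
        if ( !is_array( $value ) )
        {
            $temp = self::text( self::param( $value ) );
            if ( $isfliter === TRUE )
            {
                $temp = XFilter::filterStr( $temp );
            }
            return trim( $temp );
        }
        $temp = array( );
        foreach ( $value as $val )
        {
            $item = self::text( self::param( $val ) );
            $temp[$val] = $isfliter === TRUE ? XFilter::filterStr( $item ) : $item;
        }
        return $temp;
    }

    /**
     * Read one parameter with a fallback.
     *
     * @param string $value    Parameter name; "" is returned when it is empty.
     * @param mixed  $default  Used when the cleaned value is empty and this is not.
     * @param bool   $isfliter Truthy: XFilter::filterStr(); falsy: XFilter::stripArray().
     * @return string
     */
    public static function getArgs( $value, $default = NULL, $isfliter = TRUE )
    {
        if ( empty( $value ) )
        {
            return "";
        }
        $temp = self::text( self::param( $value ) );
        if ( $isfliter )
        {
            $temp = XFilter::filterStr( $temp );
        }
        else
        {
            $temp = XFilter::stripArray( $temp );
        }
        if ( empty( $temp ) && !empty( $default ) )
        {
            $temp = $default;
        }
        return trim( $temp );
    }

    /**
     * Read one parameter as an integer.
     * Falls back to $default when XValid::isnumber() accepts it, else 0.
     * XValid is defined outside this listing.
     *
     * @return int
     */
    public static function getInt( $value, $default = NULL )
    {
        if ( empty( $value ) )
        {
            return 0;
        }
        $temp = XFilter::filterStr( self::text( self::param( $value ) ) );
        if ( empty( $temp ) || FALSE === XValid::isnumber( $temp ) )
        {
            $temp = TRUE === XValid::isnumber( $default ) ? $default : 0;
        }
        return intval( $temp );
    }

    /**
     * Raw, unfiltered parameter (typically an array from name[]=...).
     *
     * @return mixed Raw value, NULL when absent, "" when $value is empty.
     */
    public static function getArray( $value )
    {
        if ( empty( $value ) )
        {
            return "";
        }
        return self::param( $value );
    }

    /**
     * Read one parameter through XFilter::filterBadChar().
     * Array-valued parameters are treated as blank.
     */
    public static function recArgs( $value )
    {
        if ( empty( $value ) )
        {
            return "";
        }
        $temp = self::param( $value );
        return XFilter::filterBadChar( is_array( $temp ) ? "" : $temp );
    }

    /**
     * Join an array parameter into a comma-separated string after passing
     * each item through XFilter::filterBadChar(); empty results are dropped.
     *
     * The items are blocklist-filtered text, not validated values: do not
     * concatenate the result into SQL.
     *
     * @return string "" when the parameter is missing or not an array.
     */
    public static function getComArgs( $itemname )
    {
        $picked = array( );
        $array = self::getArray( $itemname );
        // Iterate the array itself: the client decides whether this is an
        // array at all and which keys it has, so count()/[$i] is unsafe.
        if ( is_array( $array ) )
        {
            foreach ( $array as $item )
            {
                if ( !is_scalar( $item ) )
                {
                    continue;
                }
                $val = XFilter::filterBadChar( $item );
                if ( !empty( $val ) )
                {
                    $picked[] = $val;
                }
            }
        }
        return implode( ",", $picked );
    }

    /**
     * Join an array parameter into a comma-separated list of non-zero
     * integers (each item goes through XFilter::filterBadChar() and intval()).
     *
     * @return string "" when the parameter is missing or not an array.
     */
    public static function getComInts( $name )
    {
        $picked = array( );
        $array = self::getArray( $name );
        if ( is_array( $array ) )
        {
            foreach ( $array as $item )
            {
                if ( !is_scalar( $item ) )
                {
                    continue;
                }
                $val = intval( XFilter::filterBadChar( $item ) );
                if ( !empty( $val ) )
                {
                    $picked[] = $val;
                }
            }
        }
        return implode( ",", $picked );
    }
}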
// Direct-access guard: stop unless the including entry script has defined
// the IN_OESOFT constant.
defined( "IN_OESOFT" ) || exit( "Access Denied" );
- ?>
- <?php
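/**
 * Character and keyword filters applied to request data.
 *
 * Most methods here are blocklists: they delete or rewrite listed tokens.
 * That makes them lossy for legitimate text and incomplete as a defence.
 * Use bound parameters for SQL, and encode output for the context it is
 * written into (or use an allowlist-based HTML sanitizer).
 *
 * NOTE(review): the page's copy of this class is damaged ("emptyempty",
 * missing backslashes, entities shown decoded, unescaped "/" inside
 * "/"-delimited patterns). Literals are restored on that assumption;
 * confirm them against the original source.
 */
class XFilter
{
    /** String form of a scalar; "" for NULL, arrays and objects. */
    private static function text( $value )
    {
        return is_scalar( $value ) ? (string) $value : "";
    }

    /** Split a comma-separated config value, dropping empty entries. */
    private static function words( $csv )
    {
        if ( empty( $csv ) )
        {
            return array( );
        }
        return array_values( array_filter( explode( ",", (string) $csv ), 'strlen' ) );
    }

    /** TRUE when $subject contains any entry of $csv, case-insensitively. */
    private static function containsAny( $subject, $csv )
    {
        $subject = self::text( $subject );
        foreach ( self::words( $csv ) as $word )
        {
            if ( stripos( $subject, $word ) !== FALSE )
            {
                return TRUE;
            }
        }
        return FALSE;
    }

    /**
     * Delete a fixed set of characters and return the trimmed remainder.
     *
     * NOTE(review): the page lists an empty string among the removed tokens;
     * it is assumed to have been a backslash.
     * Deleting characters does not make a value safe to place in SQL.
     *
     * @param mixed $str Raw value.
     * @return string|null Cleaned text; NULL for blank or non-scalar input.
     */
    public static function filterBadChar( $str )
    {
        $str = self::text( $str );
        // Explicit "" test instead of empty(), so the value "0" is kept.
        if ( $str === "" )
        {
            return NULL;
        }
        $badstring = array( "'", '"', "=", "#", '$', ">", "<", "\\", "/*", "%", "\x00", "%00", "*" );
        return trim( str_replace( $badstring, "", $str ) );
    }

    /**
     * Recursively trim a value and remove backslash escaping.
     * Arrays are rewritten in place (by reference) and returned.
     *
     * @param mixed $_data Scalar or (nested) array of scalars.
     * @return mixed Cleaned string or cleaned array.
     */
    public static function stripArray( &$_data )
    {
        if ( !is_array( $_data ) )
        {
            return stripslashes( trim( (string) $_data ) );
        }
        foreach ( $_data as $_key => $_value )
        {
            $clean = self::stripArray( $_value );
            // trim() is for string leaves only; nested arrays are kept as-is.
            $_data[$_key] = is_array( $clean ) ? $clean : trim( $clean );
        }
        return $_data;
    }

    /**
     * Apply addslashes() to every leaf of $value, in place.
     *
     * A scalar argument is converted to a one-element array, as before.
     * addslashes() is not SQL escaping: it ignores the connection character
     * set. Use prepared statements instead of relying on this.
     *
     * @param mixed $value Modified by reference.
     * @return false|null FALSE when magic quotes are active, otherwise nothing.
     */
    public static function filterSlashes( &$value )
    {
        // Magic quotes were removed in PHP 5.4 and get_magic_quotes_gpc()
        // itself in PHP 8.0, so only ask on versions that can have them.
        if ( PHP_VERSION_ID < 50400 && get_magic_quotes_gpc( ) )
        {
            return FALSE;
        }
        $value = ( array )$value;
        foreach ( $value as $key => $val )
        {
            if ( is_array( $val ) )
            {
                self::filterSlashes( $value[$key] );
            }
            else
            {
                $value[$key] = addslashes( (string) $val );
            }
        }
    }

    /**
     * Blocklist-based script stripping.
     *
     * Rewrites a fixed list of "on<event>" names and deletes <script>,
     * <iframe> and <object> elements. It covers only what is listed, and it
     * also rewrites ordinary words that contain a listed name. Treat it as
     * clean-up, not as an XSS defence.
     *
     * @param mixed $value Raw HTML.
     * @return string Filtered HTML; "" for blank input or on a PCRE error.
     */
    public static function filterScript( $value )
    {
        $value = self::text( $value );
        if ( $value === "" )
        {
            return "";
        }
        $value = preg_replace( '/(javascript:)?on(click|load|key|mouse|error|abort|move|unload|change|dblclick|move|reset|resize|submit)/i', '&111n\\2', $value );
        $value = preg_replace( '~<script(.*?)>(.*?)</script>~si', "", $value );
        $value = preg_replace( '~<iframe(.*?)>(.*?)</iframe>~si', "", $value );
        // The "e" modifier was dropped: it is rejected since PHP 7, which
        // made this call return NULL, and nothing here needs evaluation.
        $value = preg_replace( '~<object.+</object>~isU', "", $value );
        // Fail closed: a PCRE error yields NULL, never the unfiltered input.
        return $value === NULL ? "" : $value;
    }

    /**
     * Encode a value for HTML text or a quoted attribute value.
     *
     * ENT_QUOTES is passed explicitly so single quotes are encoded on every
     * PHP version (before 8.1 the default left them untouched).
     *
     * @param mixed $value Raw value.
     * @return string Encoded text; "" for blank input.
     */
    public static function filterHtml( $value )
    {
        $value = self::text( $value );
        if ( $value === "" )
        {
            return "";
        }
        return htmlspecialchars( $value, ENT_QUOTES );
    }

    /**
     * Delete a fixed list of SQL keywords and path fragments.
     *
     * Do not rely on this to prevent SQL injection: use prepared statements
     * with bound parameters. It also deletes the listed words from ordinary
     * text. The removal repeats until the text stops changing, because one
     * pass can leave a listed token behind when deleting an occurrence
     * joins the text on either side of it.
     *
     * @param mixed $value Raw value.
     * @return string Text without the listed tokens; "" for blank input.
     */
    public static function filterSql( $value )
    {
        $value = self::text( $value );
        if ( $value === "" )
        {
            return "";
        }
        $sql = array( "select", "insert", "update", "delete", "'", "/*", "../", "./", "union", "into", "load_file", "outfile" );
        do
        {
            $before = $value;
            $value = str_ireplace( $sql, "", $value );
        }
        while ( $value !== $before );
        return $value;
    }

    /**
     * Encode a request value for output as HTML text.
     *
     * Removes NUL bytes, the literal text "%00" and carriage returns,
     * converts & " ' < > and %3C / %3E to entities, then turns
     * "&amp;#NNN;" / "&amp;#xHHHH;" back into numeric character references.
     * HTML-text encoding only: not SQL escaping, and not sufficient inside
     * script, URL or event-handler contexts.
     *
     * @param mixed $value Raw value; arrays, objects and NULL yield "".
     * @return string Encoded text, "" for blank input.
     */
    public static function filterStr( $value )
    {
        // Explicit "" test instead of empty(), so the value "0" is kept.
        $value = trim( self::text( $value ) );
        if ( $value === "" )
        {
            return "";
        }
        $badstr = array( "\x00", "%00", "\r", "&", "\"", "'", "<", ">", "%3C", "%3E" );
        $newstr = array( "", "", "", "&amp;", "&quot;", "&#039;", "&lt;", "&gt;", "&lt;", "&gt;" );
        $value = str_ireplace( $badstr, $newstr, $value );
        return preg_replace( '/&amp;((#(\d{3,5}|x[a-fA-F0-9]{4}));)/', '&\\1', $value );
    }

    /**
     * TRUE when the Referer header is an http(s) URL on this request's host.
     *
     * The Referer header is optional and client-controlled, so this is a
     * hot-linking check, not CSRF protection; state-changing requests need
     * a per-session token. The URL is parsed with parse_url() so user-info
     * and port are separated from the host before comparing.
     *
     * @return bool FALSE when either header is missing or the hosts differ.
     */
    public static function filterUrl( )
    {
        if ( empty( $_SERVER['HTTP_REFERER'] ) || empty( $_SERVER['HTTP_HOST'] ) )
        {
            return FALSE;
        }
        $parts = parse_url( $_SERVER['HTTP_REFERER'] );
        if ( !is_array( $parts ) || !isset( $parts['scheme'], $parts['host'] ) )
        {
            return FALSE;
        }
        if ( !in_array( strtolower( $parts['scheme'] ), array( "http", "https" ), TRUE ) )
        {
            return FALSE;
        }
        $self = preg_replace( '/:\d*$/', "", $_SERVER['HTTP_HOST'] );
        return strcasecmp( $parts['host'], $self ) === 0;
    }

    /**
     * Delete every word configured in X::$cfg['forbidargs'] (comma-separated)
     * from $content, case-insensitively.
     *
     * The loop on the page restarted from the untouched $content on each
     * pass, so only the last configured word was ever removed.
     *
     * @return mixed $content with all configured words removed.
     */
    public static function filterForbidChar( $content )
    {
        $words = self::words( X::$cfg['forbidargs'] );
        if ( !$words )
        {
            return $content;
        }
        return str_ireplace( $words, "", $content );
    }

    /**
     * TRUE when $content contains any word from X::$cfg['forbidargs'].
     * Empty list entries (for example from a trailing comma) are ignored;
     * on PHP 8 an empty needle would otherwise match every input.
     */
    public static function checkExistsForbidChar( $content )
    {
        return self::containsAny( $content, X::$cfg['forbidargs'] );
    }

    /**
     * TRUE when $username contains any entry from X::$cfg['lockusers'].
     * This is a substring match, so an entry also blocks longer names that
     * contain it.
     */
    public static function checkExistsForbidUserName( $username )
    {
        return self::containsAny( $username, X::$cfg['lockusers'] );
    }
}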
// Direct-access guard: stop unless the including entry script has defined
// the IN_OESOFT constant.
defined( "IN_OESOFT" ) || exit( "Access Denied" );
- ?>
Tags: php过滤字符串 php危险字符