

php过滤字符串的一个方法

 // 这个也不错,和ecshop的差不多。这个是齐博cms的
$_POST=Add_S($_POST);
$_GET=Add_S($_GET);
$_COOKIE=Add_S($_COOKIE);

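/**
 * Recursively prepare a request array before it is used in string-built SQL/HTML.
 *
 * For every leaf value the "&#x" entity prefix is split apart, the literal word
 * "eval" is split apart (case-insensitively) and, when magic quotes are not
 * active, addslashes() is applied. A key containing a single quote, double
 * quote or backslash aborts the request with die('ERROR KEY!').
 * addslashes() is not a substitute for parameterised queries; the escaping
 * here only covers the characters that function knows about.
 *
 * @param array $array request data ($_POST/$_GET/$_COOKIE or a nested array)
 * @return array the same structure with every leaf rewritten
 */
function Add_S($array)
{
    // get_magic_quotes_gpc() was removed in PHP 8 (magic quotes themselves in
    // 5.4); a missing function means "off", so the slashes are still added.
    // The original call would fatal on those versions.
    $magicQuotesOn = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    foreach ($array as $key => $value) {
        // eregi() was removed in PHP 7; this PCRE class rejects the same
        // three characters (in an ERE bracket the backslash was literal).
        if (preg_match('/[\'"\\\\]+/', (string) $key)) {
            die('ERROR KEY!');
        }
        if (is_array($value)) {
            $array[$key] = Add_S($value);
            continue;
        }
        // Break the hex-entity prefix so it no longer decodes in HTML
        $value = str_replace("&#x", "& # x", $value);
        // Break the literal function name apart
        $value = preg_replace("/eval/i", "eva l", $value);
        if (!$magicQuotesOn) {
            $value = addslashes($value);
        }
        $array[$key] = $value;
    }
    return $array;
}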
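/**
 * Escape a scalar for HTML text/attribute output.
 *
 * NUL bytes (raw and "%00") and CR are dropped; &, ", ', <, > and the
 * URL-encoded %3C/%3E become entities. Numeric entities that were already
 * present ("&#123;", "&#x0041;") are restored after the ampersand pass so
 * they are not double-encoded.
 *
 * @param mixed $value request value; null, "" and arrays yield ""
 * @return string
 */
public static function filterStr( $value )
{
    // Only null/"" count as empty: the original empty() test also swallowed
    // the legitimate values "0" and 0. Arrays cannot be trimmed, so they
    // yield "" instead of a TypeError.
    if ($value === null || $value === '' || is_array($value)) {
        return "";
    }
    $value = trim((string) $value);
    $badstr = array("\x00", "%00", "\r", "&", "\"", "'", "<", ">", "%3C", "%3E");
    $newstr = array("", "", "", "&amp;", "&quot;", "&#39;", "&lt;", "&gt;", "&lt;", "&gt;");
    // Replacements run in array order, so "&" is encoded before the entities
    // inserted by the later pairs exist and they are not re-escaped.
    $value = str_ireplace($badstr, $newstr, $value);
    // Undo the "&" encoding for pre-existing numeric entities
    return preg_replace("/&amp;((#(\\d{3,5}|x[a-fA-F0-9]{4}));)/", "&\\1", $value);
}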
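/**
 * Recursively trim and stripslashes() request data.
 *
 * Scalars are trimmed and unslashed; arrays are walked in place and each
 * leaf rewritten. The original trimmed the result of every recursive call,
 * which passes an array to trim() for a nested array (TypeError on PHP 8);
 * nested arrays are now assigned back directly.
 *
 * @param mixed $_data scalar or (nested) array; an array is rewritten in place
 * @return mixed the cleaned scalar or array
 */
public static function stripArray( &$_data )
{
    if (!is_array($_data)) {
        return stripslashes(trim((string) $_data));
    }
    foreach ($_data as $_key => $_value) {
        $cleaned = self::stripArray($_value);
        // Scalar leaves are already trimmed by the recursive call; the
        // extra trim() mirrors the original for strings only.
        $_data[$_key] = is_array($cleaned) ? $cleaned : trim($cleaned);
    }
    return $_data;
}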

另收藏:

<?php
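/**
 * Static accessors for the PHP request superglobals.
 *
 * Every getX($name) returns the named entry, the whole array when $name is
 * "" (or null) and "" when the entry is absent. Values come straight from
 * the client except where a method says it filters; callers still have to
 * escape per output context (HTML, SQL, shell) themselves.
 */
class XRequest
{
    /**
     * Read one entry, or everything, from a superglobal-style array.
     *
     * "" and null select the whole array; any other name (including "0",
     * which the original getPost()/getGet() treated as "all" via empty())
     * is looked up as a key.
     *
     * @param mixed  $source the array to read; null when the superglobal is unset
     * @param mixed  $name   key to read
     * @return mixed the value, the whole array, or "" when absent
     */
    private static function lookup($source, $name)
    {
        if ($name === null || $name === "") {
            return $source;
        }
        return (is_array($source) && isset($source[$name])) ? $source[$name] : "";
    }

    /**
     * The raw GET/POST entry for $name, POST taking precedence over GET.
     *
     * @param string $name request parameter name
     * @param bool   $trim trim scalar values (arrays are returned untouched)
     * @return mixed "" when the name is absent in both (the original left
     *               its temporary undefined in that case)
     */
    private static function rawValue($name, $trim = TRUE)
    {
        $temp = "";
        if (isset($_GET[$name])) {
            $temp = $_GET[$name];
        }
        if (isset($_POST[$name])) {
            $temp = $_POST[$name];
        }
        if ($trim && is_scalar($temp)) {
            $temp = trim((string) $temp);
        }
        return $temp;
    }

    /** @param string $name  @return mixed $_POST entry, all of $_POST, or "" */
    public static function getPost($name = "")
    {
        return self::lookup($_POST, $name);
    }

    /** @param string $name  @return mixed $_GET entry, all of $_GET, or "" */
    public static function getGet($name = "")
    {
        return self::lookup($_GET, $name);
    }

    /** @param string $name  @return mixed $_COOKIE entry, all of $_COOKIE, or "" */
    public static function getCookie($name = "")
    {
        return self::lookup($_COOKIE, $name);
    }

    /**
     * @param string $name
     * @return mixed $_SESSION entry, all of $_SESSION, or ""; before
     *               session_start() the whole-array form is null and a
     *               named lookup is "" (the original raised a warning)
     */
    public static function getSession($name = "")
    {
        return self::lookup(isset($_SESSION) ? $_SESSION : null, $name);
    }

    /** @param string $name  @return mixed $_ENV entry, all of $_ENV, or "" */
    public static function fetchEnv($name = "")
    {
        return self::lookup($_ENV, $name);
    }

    /** @param string $name  @return mixed $_SERVER entry, all of $_SERVER, or "" */
    public static function getService($name = "")
    {
        return self::lookup($_SERVER, $name);
    }

    /** @return string PHP_SELF with tags removed (it echoes the request path) */
    public static function getPhpSelf()
    {
        return strip_tags(self::getService("PHP_SELF"));
    }

    /** @return mixed SERVER_NAME or "" */
    public static function getServiceName()
    {
        return self::getService("SERVER_NAME");
    }

    /** @return mixed REQUEST_TIME or "" */
    public static function getRequestTime()
    {
        return self::getService("REQUEST_TIME");
    }

    /** @return mixed the User-Agent header (client-supplied) or "" */
    public static function getUserAgent()
    {
        return self::getService("HTTP_USER_AGENT");
    }

    /** @return mixed REQUEST_URI or "" */
    public static function getUri()
    {
        return self::getService("REQUEST_URI");
    }

    /**
     * Compare REQUEST_METHOD case-insensitively with $method.
     *
     * @param string $method lower-case method name
     * @return bool
     */
    private static function methodIs($method)
    {
        return strtolower((string) self::getService("REQUEST_METHOD")) === $method;
    }

    /** @return bool TRUE for a POST request */
    public static function isPost()
    {
        return self::methodIs("post");
    }

    /** @return bool TRUE for a GET request */
    public static function isGet()
    {
        return self::methodIs("get");
    }

    /**
     * Heuristic "is this an XHR request" check.
     *
     * All three signals (X-Requested-With, X-Request-Type, an oe_ajax
     * parameter) are client-supplied, so this is a hint for response
     * formatting, not an access decision.
     *
     * @return bool
     */
    public static function isAjax()
    {
        if (strtolower((string) self::getService("HTTP_X_REQUESTED_WITH")) === "xmlhttprequest") {
            return TRUE;
        }
        if (strtolower((string) self::getService("HTTP_REQUEST_TYPE")) === "ajax") {
            return TRUE;
        }
        return self::getPost("oe_ajax") || self::getGet("oe_ajax");
    }

    /**
     * Best-effort client IPv4 address.
     *
     * Precedence is X-Forwarded-For, then Client-IP, then REMOTE_ADDR. The
     * first two are request headers the client can set freely, so the result
     * is only trustworthy when a trusted reverse proxy overwrites them;
     * REMOTE_ADDR is the only socket-level value. Anything that is not a
     * single dotted-quad IPv4 literal (a comma-separated forwarding chain
     * included) collapses to "0.0.0.0".
     *
     * @return string
     */
    public static function getip()
    {
        $realip = NULL;
        if (isset($_SERVER)) {
            foreach (array("HTTP_X_FORWARDED_FOR", "HTTP_CLIENT_IP", "REMOTE_ADDR") as $key) {
                if (isset($_SERVER[$key])) {
                    $realip = $_SERVER[$key];
                    break;
                }
            }
        } else {
            $realip = getenv("HTTP_X_FORWARDED_FOR");
            if (!$realip) {
                $realip = getenv("HTTP_CLIENT_IP");
            }
            if (!$realip) {
                $realip = getenv("REMOTE_ADDR");
            }
        }
        // Whole-string validation: the original regex had no "^" anchor, so
        // "evil1.2.3.4" passed, and its "$" accepted a trailing newline.
        // filter_var also rejects leading-zero octets, which parsers disagree on.
        if (!is_string($realip) || filter_var($realip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
            $realip = "0.0.0.0";
        }
        return $realip;
    }

    /**
     * Route a path-style URI into $_GET.
     *
     * "/ctrl/act/k1/v1/k2/v2" (after the script's directory is removed) sets
     * $_GET['c'] and $_GET['a'] and then the remaining segments as key/value
     * pairs; an unpaired trailing key gets NULL. Every value is a raw URI
     * segment chosen by the client, including the controller/action names.
     *
     * @return bool always TRUE
     */
    protected static function uri()
    {
        $uri = self::getUri();
        $dir = dirname($_SERVER['SCRIPT_NAME']);
        // Strip the script directory only when it is a real prefix. The
        // original str_replace() removed every occurrence, and for a
        // document-root install ($dir === "/") that deleted every slash.
        $request = $uri;
        if ($dir !== "/" && $dir !== "." && strncmp($uri, $dir, strlen($dir)) === 0) {
            $request = substr($uri, strlen($dir));
        }
        $segments = explode("/", trim($request, "/"));
        if (isset($segments[0])) {
            $_GET['c'] = $segments[0];
            unset($segments[0]);
        }
        if (isset($segments[1])) {
            $_GET['a'] = $segments[1];
            unset($segments[1]);
        }
        if (count($segments) > 1) {
            $keys = array();
            $vals = array();
            $position = 0;
            foreach ($segments as $segment) {
                ++$position;
                if ($position % 2 === 0) {
                    $vals[] = $segment;
                } else {
                    $keys[] = $segment;
                }
            }
            if (count($keys) !== count($vals)) {
                $vals[] = NULL;
            }
            foreach (array_combine($keys, $vals) as $key => $val) {
                $_GET[$key] = $val;
            }
        }
        return TRUE;
    }

    /**
     * Fetch one or several names from $_GET/$_POST (POST wins), trimmed.
     *
     * @param string|array $value     a name, or a list of names
     * @param bool         $isfliter  when TRUE each value goes through XFilter::filterStr()
     * @return string|array one value, or name => value for a list; "" for
     *                      absent names (the original left them undefined)
     */
    public static function getGpc($value, $isfliter = TRUE)
    {
        if (!is_array($value)) {
            $temp = self::rawValue($value);
            $temp = $isfliter === TRUE ? XFilter::filterStr($temp) : $temp;
            return is_array($temp) ? $temp : trim((string) $temp);
        }
        $temp = array();
        foreach ($value as $val) {
            $raw = self::rawValue($val);
            $temp[$val] = $isfliter === TRUE ? XFilter::filterStr($raw) : $raw;
        }
        return $temp;
    }

    /**
     * Fetch a request value, filtered, with a fallback.
     *
     * @param string $value     parameter name; "" yields ""
     * @param mixed  $default   used when the filtered value is empty() — note
     *                          this also replaces a legitimate "0"
     * @param bool   $isfliter  TRUE: XFilter::filterStr(); FALSE: XFilter::stripArray()
     * @return string|array
     */
    public static function getArgs($value, $default = NULL, $isfliter = TRUE)
    {
        if (empty($value)) {
            return "";
        }
        $temp = self::rawValue($value);
        $temp = $isfliter ? XFilter::filterStr($temp) : XFilter::stripArray($temp);
        if (empty($temp) && !empty($default)) {
            $temp = $default;
        }
        return is_array($temp) ? $temp : trim((string) $temp);
    }

    /**
     * Fetch a request value as an integer.
     *
     * @param string $value   parameter name; "" yields 0
     * @param mixed  $default used when the value is empty or not numeric (per XValid::isnumber)
     * @return int
     */
    public static function getInt($value, $default = NULL)
    {
        if (empty($value)) {
            return 0;
        }
        $temp = XFilter::filterStr(self::rawValue($value, FALSE));
        if (empty($temp) || FALSE === XValid::isnumber($temp)) {
            $temp = TRUE === XValid::isnumber($default) ? $default : 0;
        }
        return intval($temp);
    }

    /**
     * Fetch a request value untouched (POST wins over GET).
     *
     * @param string $value parameter name
     * @return mixed the raw value (string or array); "" when absent or $value is ""
     */
    public static function getArray($value)
    {
        if (empty($value)) {
            return "";
        }
        return self::rawValue($value, FALSE);
    }

    /**
     * Fetch a request value with XFilter::filterBadChar() applied.
     *
     * @param string $value parameter name
     * @return string|null "" when $value is ""; filterBadChar()'s null for empty input
     */
    public static function recArgs($value)
    {
        if (empty($value)) {
            return "";
        }
        return XFilter::filterBadChar(self::rawValue($value, FALSE));
    }

    /**
     * Join the non-empty elements of the request array $name with commas.
     *
     * @param string $name  request parameter holding a list
     * @param bool   $asInt intval() each element after filterBadChar()
     * @return string|int "" when nothing survives; with $asInt a single
     *                    element is returned as a bare int (as the original did)
     */
    private static function joinList($name, $asInt)
    {
        $array = self::getArray($name);
        // getArray() returns a string for a scalar parameter; count()/[$ii]
        // on a string is a TypeError on PHP 8, so treat it as "no list".
        if (empty($array) || !is_array($array)) {
            return "";
        }
        $parts = array();
        foreach (array_values($array) as $element) {
            $val = XFilter::filterBadChar($element);
            if ($asInt) {
                $val = intval($val);
            }
            // empty() also drops "0"/0, exactly as the original loop did
            if (!empty($val)) {
                $parts[] = $val;
            }
        }
        if (count($parts) === 0) {
            return "";
        }
        if ($asInt && count($parts) === 1) {
            return $parts[0];
        }
        return implode(",", $parts);
    }

    /**
     * Comma-joined, filterBadChar()-cleaned elements of the request array $itemname.
     *
     * @param string $itemname
     * @return string "" when the parameter is missing or every element is empty
     */
    public static function getComArgs($itemname)
    {
        return self::joinList($itemname, FALSE);
    }

    /**
     * Comma-joined integer elements of the request array $name.
     *
     * @param string $name
     * @return string|int "" when nothing survives, a bare int for one element
     */
    public static function getComInts($name)
    {
        return self::joinList($name, TRUE);
    }
}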

// Direct-access guard. It sits after the class declaration, so the class is
// already defined by the time it runs; only code following it is protected.
defined("IN_OESOFT") or exit("Access Denied");
?>

<?php
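/**
 * Blacklist-style input/output filters used by XRequest.
 *
 * These are character and keyword replacements, not context-aware encoders:
 * filterStr()/filterHtml() produce HTML-safe text and attribute values;
 * filterSql()/filterBadChar() only strip a fixed token list and do not make
 * a value safe to interpolate into SQL — bind values with prepared statements
 * for that.
 */
class XFilter
{
    /**
     * Strip a fixed set of punctuation: quotes, =, #, $, <, >, \, "/*", %, NUL, "%00", *.
     *
     * @param mixed $str
     * @return string|null null for "", null, 0, "0" and [] (callers test with empty())
     */
    public static function filterBadChar($str)
    {
        // empty() already covers $str == ""; the original tested both
        if (empty($str)) {
            return;
        }
        // The original listed "\"" twice; one entry is enough
        $badstring = array("'", "\"", "=", "#", "\$", ">", "<", "\\", "/*", "%", "\x00", "%00", "*");
        return trim(str_replace($badstring, "", $str));
    }

    /**
     * Recursively trim and stripslashes() request data.
     *
     * Scalars are trimmed and unslashed; arrays are walked in place and each
     * leaf rewritten. The original trimmed the result of every recursive
     * call, which passes an array to trim() for a nested array (TypeError on
     * PHP 8); nested arrays are now assigned back directly.
     *
     * @param mixed $_data scalar or (nested) array; an array is rewritten in place
     * @return mixed the cleaned scalar or array
     */
    public static function stripArray(&$_data)
    {
        if (!is_array($_data)) {
            return stripslashes(trim((string) $_data));
        }
        foreach ($_data as $_key => $_value) {
            $cleaned = self::stripArray($_value);
            $_data[$_key] = is_array($cleaned) ? $cleaned : trim($cleaned);
        }
        return $_data;
    }

    /**
     * addslashes() every leaf of $value in place, unless magic quotes already did.
     *
     * @param mixed $value scalar or array; it is cast to array and rewritten in place
     * @return false|void FALSE when magic quotes are on and nothing was changed
     */
    public static function filterSlashes(&$value)
    {
        // get_magic_quotes_gpc() was removed in PHP 8 (magic quotes in 5.4);
        // a missing function means quotes are off. The original call fatals there.
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            return FALSE;
        }
        $value = (array) $value;
        foreach ($value as $key => $val) {
            if (is_array($val)) {
                self::filterSlashes($value[$key]);
            } else {
                $value[$key] = addslashes($val);
            }
        }
    }

    /**
     * Remove the most common script vectors from an HTML fragment.
     *
     * Rewrites "on<event>" handler names and drops <script>, <iframe> and
     * <object> blocks. It is a blacklist: markup it does not list passes
     * through unchanged, so it is not a replacement for output encoding.
     * The "&111n" replacement is what the original emitted; it is not a
     * valid entity (that would be "&#111;n").
     *
     * @param mixed $value
     * @return string "" for empty input
     */
    public static function filterScript($value)
    {
        if (empty($value)) {
            return "";
        }
        $value = preg_replace("/(javascript:)?on(click|load|key|mouse|error|abort|move|unload|change|dblclick|move|reset|resize|submit)/i", "&111n\\2", $value);
        $value = preg_replace("/<script(.*?)>(.*?)<\\/script>/si", "", $value);
        $value = preg_replace("/<iframe(.*?)>(.*?)<\\/iframe>/si", "", $value);
        // The original pattern carried the "e" (eval) modifier. It was
        // removed in PHP 7, where preg_replace() then fails and returns NULL
        // for every input; on older versions it evaluated the replacement.
        $value = preg_replace("/<object.+<\\/object>/isU", "", $value);
        return $value;
    }

    /**
     * HTML-encode &, ", ', < and >.
     *
     * ENT_QUOTES is passed explicitly: before PHP 8.1 the default left single
     * quotes alone, which is unsafe inside single-quoted attributes.
     * ENT_SUBSTITUTE keeps invalid UTF-8 from turning the whole result into "".
     * The original's manual str_replace fallback was unreachable
     * (htmlspecialchars is a core function).
     *
     * @param mixed $value
     * @return string "" for empty input
     */
    public static function filterHtml($value)
    {
        if (empty($value)) {
            return "";
        }
        return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE);
    }

    /**
     * Remove a fixed list of SQL keywords from $value, case-insensitively.
     *
     * This is a keyword blacklist, not an escaper: it mangles ordinary text
     * ("selection" becomes "ion") and cannot make a value safe to
     * interpolate — use prepared statements. The backslash entries ("\'",
     * "\/\*", "\.\.\/", "\.\/") look like regex escapes but are matched
     * literally by str_ireplace(), so a plain "/*" or "../" is not touched.
     *
     * @param mixed $value
     * @return string "" for empty input
     */
    public static function filterSql($value)
    {
        if (empty($value)) {
            return "";
        }
        $sql = array("select", "insert", "update", "delete", "\\'", "\\/\\*", "\\.\\.\\/", "\\.\\/", "union", "into", "load_file", "outfile");
        return str_ireplace($sql, "", $value);
    }

    /**
     * Escape a scalar for HTML text/attribute output.
     *
     * NUL bytes (raw and "%00") and CR are dropped; &, ", ', <, > and the
     * URL-encoded %3C/%3E become entities. Numeric entities that were already
     * present ("&#123;", "&#x0041;") are restored after the ampersand pass so
     * they are not double-encoded.
     *
     * @param mixed $value request value; null, "" and arrays yield ""
     * @return string
     */
    public static function filterStr($value)
    {
        // Only null/"" count as empty: the original empty() test also
        // swallowed the legitimate values "0" and 0. Arrays cannot be
        // trimmed, so they yield "" instead of a TypeError.
        if ($value === null || $value === '' || is_array($value)) {
            return "";
        }
        $value = trim((string) $value);
        $badstr = array("\x00", "%00", "\r", "&", "\"", "'", "<", ">", "%3C", "%3E");
        $newstr = array("", "", "", "&amp;", "&quot;", "&#39;", "&lt;", "&gt;", "&lt;", "&gt;");
        // Replacements run in array order, so "&" is encoded before the
        // entities inserted by the later pairs exist and they are not re-escaped.
        $value = str_ireplace($badstr, $newstr, $value);
        // Undo the "&" encoding for pre-existing numeric entities
        return preg_replace("/&amp;((#(\\d{3,5}|x[a-fA-F0-9]{4}));)/", "&\\1", $value);
    }

    /**
     * TRUE when the Referer host equals the request Host (a same-origin check).
     *
     * Both values are request headers. The check only catches cross-site
     * requests whose browser sends a Referer; a missing or client-chosen
     * Referer defeats it, so it is not a substitute for a CSRF token. A
     * missing Referer or Host yields FALSE (the original compared two empty
     * strings and returned TRUE when both were absent).
     *
     * @return bool
     */
    public static function filterUrl()
    {
        if (!isset($_SERVER['HTTP_REFERER']) || !isset($_SERVER['HTTP_HOST'])) {
            return FALSE;
        }
        $refererHost = preg_replace("/https?:\\/\\/([^\\:\\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER']);
        $requestHost = preg_replace("/([^\\:]+).*/", "\\1", $_SERVER['HTTP_HOST']);
        return $refererHost === $requestHost;
    }

    /**
     * Remove every configured forbidden word (X::$cfg['forbidargs'], comma-separated) from $content.
     *
     * @param string $content
     * @return string
     */
    public static function filterForbidChar($content)
    {
        $forbidargs = X::$cfg['forbidargs'];
        if (empty($forbidargs)) {
            return $content;
        }
        // All words are removed from one running result. The original loop
        // re-read $content on every iteration, so only the last word was stripped.
        return str_ireplace(explode(",", $forbidargs), "", $content);
    }

    /**
     * TRUE when $haystack contains any comma-separated entry of $csv, case-insensitively.
     *
     * @param mixed  $haystack
     * @param string $csv
     * @return bool
     */
    private static function containsAny($haystack, $csv)
    {
        if (empty($csv)) {
            return FALSE;
        }
        $haystack = strtolower((string) $haystack);
        foreach (explode(",", $csv) as $needle) {
            // An empty entry (e.g. a trailing comma in the config) would
            // match every string on PHP 8, where strpos("x", "") is 0
            if ($needle === "") {
                continue;
            }
            if (strpos($haystack, strtolower($needle)) !== FALSE) {
                return TRUE;
            }
        }
        return FALSE;
    }

    /**
     * Whether $content contains a word from X::$cfg['forbidargs'].
     *
     * @param string $content
     * @return bool
     */
    public static function checkExistsForbidChar($content)
    {
        return self::containsAny($content, X::$cfg['forbidargs']);
    }

    /**
     * Whether $username contains a fragment from X::$cfg['lockusers'].
     *
     * @param string $username
     * @return bool
     */
    public static function checkExistsForbidUserName($username)
    {
        return self::containsAny($username, X::$cfg['lockusers']);
    }
}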

// Direct-access guard. It sits after the class declaration, so the class is
// already defined by the time it runs; only code following it is protected.
defined("IN_OESOFT") or exit("Access Denied");
?>


本文固定链接: http://shanmao.me/uncategorized/php-guo-lv-zi-fu-chuan-de-yi-ge-fang-fa | 山猫的博客

该日志由 admin 于2015年01月07日发表在 未分类 分类下,
原创文章转载请注明: php过滤字符串的一个方法 | 山猫的博客