发布于admin

php过滤字符串的一个方法

[code lang=”php”] // 这个也不错,和ecshop的差不多。这个是齐博cms的
$_POST=Add_S($_POST);
$_GET=Add_S($_GET);
$_COOKIE=Add_S($_COOKIE);

function Add_S($array){
foreach($array as $key=>$value){
@eregi("[‘\\\"]+",$key) && die(‘ERROR KEY!’);
if(!is_array($value)){
$value=str_replace("&#x","& # x",$value); //过滤一些不安全字符
$value=preg_replace("/eval/i","eva l",$value); //过滤不安全函数
!get_magic_quotes_gpc() && $value=addslashes($value);
$array[$key]=$value;
}else{
$array[$key]=Add_S($array[$key]);
}
}
return $array;
}
[/code]

[code lang=”php”]
public static function filterStr( $value )
{
if ( empty( $value ) )
{
return "";
}
$value = trim( $value );
$badstr = array( "\x00", "%00", "\r", "&", "\"", "’", "<", ">", "%3C", "%3E" );
$newstr = array( "", "", "", "&amp;", "&quot;", "&#39;", "&lt;", "&gt;", "&lt;", "&gt;" );
$value = str_ireplace( $badstr, $newstr, $value );
$value = preg_replace( "/&amp;((#(\\d{3,5}|x[a-fA-F0-9]{4}));)/", "&\\1", $value );
return $value;
}
[/code]

[code lang=”php”]
public static function stripArray( &$_data )
{
if ( is_array( $_data ) )
{
foreach ( $_data as $_key => $_value )
{
$_data[$_key] = trim( self::striparray( $_value ) );
}
return $_data;
}
return stripslashes( trim( $_data ) );
}
[/code]

另收藏:
[code lang=”php”]
<?php
class XRequest
{

public static function getPost( $name = "" )
{
if ( empty( $name ) )
{
return $_POST;
}
if ( isset( $_POST[$name] ) )
{
return $_POST[$name];
}
return "";
}

public static function getGet( $name = "" )
{
if ( empty( $name ) )
{
return $_GET;
}
if ( isset( $_GET[$name] ) )
{
return $_GET[$name];
}
return "";
}

public static function getCookie( $name = "" )
{
if ( $name == "" )
{
return $_COOKIE;
}
if ( isset( $_COOKIE[$name] ) )
{
return $_COOKIE[$name];
}
return "";
}

public static function getSession( $name = "" )
{
if ( $name == "" )
{
return $_SESSION;
}
if ( isset( $_SESSION[$name] ) )
{
return $_SESSION[$name];
}
return "";
}

public static function fetchEnv( $name = "" )
{
if ( $name == "" )
{
return $_ENV;
}
if ( isset( $_ENV[$name] ) )
{
return $_ENV[$name];
}
return "";
}

public static function getService( $name = "" )
{
if ( $name == "" )
{
return $_SERVER;
}
if ( isset( $_SERVER[$name] ) )
{
return $_SERVER[$name];
}
return "";
}

public static function getPhpSelf( )
{
return strip_tags( self::getservice( "PHP_SELF" ) );
}

public static function getServiceName( )
{
return self::getservice( "SERVER_NAME" );
}

public static function getRequestTime( )
{
return self::getservice( "REQUEST_TIME" );
}

public static function getUserAgent( )
{
return self::getservice( "HTTP_USER_AGENT" );
}

public static function getUri( )
{
return self::getservice( "REQUEST_URI" );
}

public static function isPost( )
{
if ( strtolower( self::getservice( "REQUEST_METHOD" ) ) == "post" )
{
return TRUE;
}
return FALSE;
}

public static function isGet( )
{
if ( strtolower( self::getservice( "REQUEST_METHOD" ) ) == "get" )
{
return TRUE;
}
return FALSE;
}

public static function isAjax( )
{
if ( self::getservice( "HTTP_X_REQUESTED_WITH" ) && strtolower( self::getservice( "HTTP_X_REQUESTED_WITH" ) ) == "xmlhttprequest" )
{
return TRUE;
}
if ( self::getservice( "HTTP_REQUEST_TYPE" ) && strtolower( self::getservice( "HTTP_REQUEST_TYPE" ) ) == "ajax" )
{
return TRUE;
}
if ( self::getpost( "oe_ajax" ) || self::getget( "oe_ajax" ) )
{
return TRUE;
}
return FALSE;
}

public static function getip( )
{
static $realip = NULL;
if ( isset( $_SERVER ) )
{
if ( isset( $_SERVER[‘HTTP_X_FORWARDED_FOR’] ) )
{
$realip = $_SERVER[‘HTTP_X_FORWARDED_FOR’];
}
else if ( isset( $_SERVER[‘HTTP_CLIENT_IP’] ) )
{
$realip = $_SERVER[‘HTTP_CLIENT_IP’];
}
else
{
$realip = $_SERVER[‘REMOTE_ADDR’];
}
}
else if ( getenv( "HTTP_X_FORWARDED_FOR" ) )
{
$realip = getenv( "HTTP_X_FORWARDED_FOR" );
}
else if ( getenv( "HTTP_CLIENT_IP" ) )
{
$realip = getenv( "HTTP_CLIENT_IP" );
}
else
{
$realip = getenv( "REMOTE_ADDR" );
}
$one = "([0-9]|[0-9]{2}|1\\d\\d|2[0-4]\\d|25[0-5])";
if ( !@preg_match( "/".$one."\\.".$one."\\.".$one."\\.".$one."\$/", $realip ) )
{
$realip = "0.0.0.0";
}
return $realip;
}

protected static function uri( )
{
$uri = self::geturi( );
$file = dirname( $_SERVER[‘SCRIPT_NAME’] );
$request = str_replace( $file, "", $uri );
$request = explode( "/", trim( $request, "/" ) );
if ( isset( $request[0] ) )
{
$GLOBALS[‘_GET’][‘c’] = $request[0];
unset( $request[0] );
}
if ( isset( $request[1] ) )
{
$GLOBALS[‘_GET’][‘a’] = $request[1];
unset( $request[1] );
}
if ( 1 < count( $request ) )
{
$mark = 0;
$val = $key = array( );
foreach ( $request as $value )
{
++$mark;
if ( $mark % 2 == 0 )
{
$val[] = $value;
}
else
{
$key[] = $value;
}
}
if ( count( $key ) !== count( $val ) )
{
$val[] = NULL;
}
$get = array_combine( $key, $val );
foreach ( $get as $key => $value )
{
$GLOBALS[‘_GET’][$key] = $value;
}
}
return TRUE;
}

public static function getGpc( $value, $isfliter = TRUE )
{
if ( !is_array( $value ) )
{
if ( isset( $_GET[$value] ) )
{
$temp = trim( $_GET[$value] );
}
if ( isset( $_POST[$value] ) )
{
$temp = trim( $_POST[$value] );
}
$temp = $isfliter === TRUE ? XFilter::filterstr( $temp ) : $temp;
return trim( $temp );
}
$temp = array( );
foreach ( $value as $val )
{
if ( isset( $_GET[$val] ) )
{
$temp[$val] = trim( $_GET[$val] );
}
if ( isset( $_POST[$val] ) )
{
$temp[$val] = trim( $_POST[$val] );
}
$temp[$val] = $isfliter === TRUE ? XFilter::filterstr( $temp[$val] ) : $temp[$val];
}
return $temp;
}

public static function getArgs( $value, $default = NULL, $isfliter = TRUE )
{
if ( !empty( $value ) )
{
if ( isset( $_GET[$value] ) )
{
$temp = trim( $_GET[$value] );
}
if ( isset( $_POST[$value] ) )
{
$temp = trim( $_POST[$value] );
}
if ( $isfliter )
{
$temp = XFilter::filterstr( $temp );
}
else
{
$temp = XFilter::striparray( $temp );
}
if ( empty( $temp ) && !empty( $default ) )
{
$temp = $default;
}
return trim( $temp );
}
return "";
}

public static function getInt( $value, $default = NULL )
{
if ( !empty( $value ) )
{
if ( isset( $_GET[$value] ) )
{
$temp = $_GET[$value];
}
if ( isset( $_POST[$value] ) )
{
$temp = $_POST[$value];
}
$temp = XFilter::filterstr( $temp );
if ( empty( $temp ) || FALSE === XValid::isnumber( $temp ) )
{
if ( TRUE === XValid::isnumber( $default ) )
{
$temp = $default;
}
else
{
$temp = 0;
}
}
return intval( $temp );
}
return 0;
}

public static function getArray( $value )
{
if ( !empty( $value ) )
{
if ( isset( $_GET[$value] ) )
{
$temp = $_GET[$value];
}
if ( isset( $_POST[$value] ) )
{
$temp = $_POST[$value];
}
return $temp;
}
return "";
}

public static function recArgs( $value )
{
if ( !empty( $value ) )
{
if ( isset( $_GET[$value] ) )
{
$temp = $_GET[$value];
}
if ( isset( $_POST[$value] ) )
{
$temp = $_POST[$value];
}
return XFilter::filterbadchar( $temp );
}
return "";
}

public static function getComArgs( $itemname )
{
$args = "";
$array = self::getarray( $itemname );
if ( !empty( $array ) )
{
$ii = 0;
for ( ; $ii < count( $array ); ++$ii )
{
$val = XFilter::filterbadchar( $array[$ii] );
if ( !empty( $val ) )
{
if ( $ii == 0 )
{
$args = $val;
}
else if ( $args == "" )
{
$args = $val;
}
else
{
$args = $args.",".$val;
}
}
}
}
return $args;
}

public static function getComInts( $name )
{
$args = "";
$array = self::getarray( $name );
if ( !empty( $array ) )
{
$ii = 0;
for ( ; $ii < count( $array ); ++$ii )
{
$val = intval( XFilter::filterbadchar( $array[$ii] ) );
if ( !empty( $val ) )
{
if ( $ii == 0 )
{
$args = $val;
}
else if ( $args == "" )
{
$args = $val;
}
else
{
$args = $args.",".$val;
}
}
}
}
return $args;
}

}

if ( !defined( "IN_OESOFT" ) )
{
exit( "Access Denied" );
}
?>

[/code]

[code lang=”php”]
<?php
class XFilter
{

public static function filterBadChar( $str )
{
if ( empty( $str ) || $str == "" )
{
return;
}
$badstring = array( "’", "\"", "\"", "=", "#", "\$", ">", "<", "\\", "/*", "%", "\x00", "%00", "*" );
$newstring = array( "", "", "", "", "", "", "", "", "", "", "", "", "", "" );
$str = str_replace( $badstring, $newstring, $str );
return trim( $str );
}

public static function stripArray( &$_data )
{
if ( is_array( $_data ) )
{
foreach ( $_data as $_key => $_value )
{
$_data[$_key] = trim( self::striparray( $_value ) );
}
return $_data;
}
return stripslashes( trim( $_data ) );
}

public static function filterSlashes( &$value )
{
if ( get_magic_quotes_gpc( ) )
{
return FALSE;
}
$value = ( array )$value;
foreach ( $value as $key => $val )
{
if ( is_array( $val ) )
{
self::filterslashes( $value[$key] );
}
else
{
$value[$key] = addslashes( $val );
}
}
}

public static function filterScript( $value )
{
if ( empty( $value ) )
{
return "";
}
$value = preg_replace( "/(javascript:)?on(click|load|key|mouse|error|abort|move|unload|change|dblclick|move|reset|resize|submit)/i", "&111n\\2", $value );
$value = preg_replace( "/<script(.*?)>(.*?)<\\/script>/si", "", $value );
$value = preg_replace( "/<iframe(.*?)>(.*?)<\\/iframe>/si", "", $value );
$value = preg_replace( "/<object.+<\\/object>/iesU", "", $value );
return $value;
}

public static function filterHtml( $value )
{
if ( empty( $value ) )
{
return "";
}
if ( function_exists( "htmlspecialchars" ) )
{
return htmlspecialchars( $value );
}
return str_replace( array( "&", "\"", "’", "<", ">" ), array( "&amp;", "&quot;", "&#039;", "&lt;", "&gt;" ), $value );
}

public static function filterSql( $value )
{
if ( empty( $value ) )
{
return "";
}
$sql = array( "select", "insert", "update", "delete", "\\’", "\\/\\*", "\\.\\.\\/", "\\.\\/", "union", "into", "load_file", "outfile" );
$sql_re = array( "", "", "", "", "", "", "", "", "", "", "", "" );
return str_ireplace( $sql, $sql_re, $value );
}

public static function filterStr( $value )
{
if ( empty( $value ) )
{
return "";
}
$value = trim( $value );
$badstr = array( "\x00", "%00", "\r", "&", "\"", "’", "<", ">", "%3C", "%3E" );
$newstr = array( "", "", "", "&amp;", "&quot;", "&#39;", "&lt;", "&gt;", "&lt;", "&gt;" );
$value = str_ireplace( $badstr, $newstr, $value );
$value = preg_replace( "/&amp;((#(\\d{3,5}|x[a-fA-F0-9]{4}));)/", "&\\1", $value );
return $value;
}

public static function filterUrl( )
{
if ( preg_replace( "/https?:\\/\\/([^\\:\\/]+).*/i", "\\1", $_SERVER[‘HTTP_REFERER’] ) !== preg_replace( "/([^\\:]+).*/", "\\1", $_SERVER[‘HTTP_HOST’] ) )
{
return FALSE;
}
return TRUE;
}

public static function filterForbidChar( $content )
{
$new_content = $content;
$forbidargs = X::$cfg[‘forbidargs’];
if ( !empty( $forbidargs ) )
{
$array = explode( ",", $forbidargs );
$i = 0;
for ( ; $i < sizeof( $array ); ++$i )
{
$new_content = str_ireplace( $array[$i], "", $content );
}
}
return $new_content;
}

public static function checkExistsForbidChar( $content )
{
$flag = FALSE;
$forbidargs = X::$cfg[‘forbidargs’];
if ( !empty( $forbidargs ) )
{
$array = explode( ",", $forbidargs );
$i = 0;
for ( ; $i < sizeof( $array ); ++$i )
{
if ( FALSE === strpos( strtolower( $content ), strtolower( $array[$i] ) ) )
{
continue;
}
$flag = TRUE;
break;
}
}
return $flag;
}

public static function checkExistsForbidUserName( $username )
{
$flag = FALSE;
$forbidargs = X::$cfg[‘lockusers’];
if ( !empty( $forbidargs ) )
{
$array = explode( ",", $forbidargs );
$i = 0;
for ( ; $i < sizeof( $array ); ++$i )
{
if ( FALSE === strpos( strtolower( $username ), strtolower( $array[$i] ) ) )
{
continue;
}
$flag = TRUE;
break;
}
}
return $flag;
}

}

if ( !defined( "IN_OESOFT" ) )
{
exit( "Access Denied" );
}
?>

[/code]