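/**
 * Store an uploaded image and replace it with a thumbnail.
 *
 * The upload is checked against the caller-supplied size and extension rules,
 * moved into the public uploads directory, then shrunk in place so it fits
 * within 200x200 while keeping the original aspect ratio.
 *
 * Security notes:
 *  - The extension is chosen by the client, so $ext must be a strict
 *    allow-list of image extensions. The target directory is under the web
 *    root and should be configured so the web server never executes scripts
 *    from it.
 *  - If the stored file cannot be processed as an image it is deleted again
 *    before the exception is rethrown, so rejected content does not stay
 *    reachable under the web root.
 *
 * @param object $file uploaded file object (must provide validate() and move())
 * @param mixed  $size size rule handed to validate()
 * @param mixed  $ext  allowed extensions handed to validate()
 * @return string|false saved file name on success, false when validation or the move fails
 * @throws \Exception rethrown from image processing after the stored file was removed
 */
function Imgupload($file, $size, $ext)
{
    $info = $file->validate(['size' => $size, 'ext' => $ext])
        ->move(ROOT_PATH . 'public/static/' . DS . 'uploads');
    if (!$info) {
        return false;
    }

    $filename = $info->getSaveName();
    $storedPath = "static/uploads/" . $filename;

    try {
        $image = \think\Image::open($storedPath);
        // Thumbnail of at most 200x200 at the original aspect ratio.
        // It is saved to the same path, so it overwrites the stored upload.
        $image->thumb(200, 200)->save($storedPath);
    } catch (\Exception $e) {
        // Do not leave an unprocessable upload behind in a public directory.
        if (is_file($storedPath)) {
            unlink($storedPath);
        }
        throw $e;
    }

    return $filename;
}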
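/**
 * Check that a value has the expected PHP type.
 *
 * @param mixed  $param value to check
 * @param string $type  expected type: "array", "string", "int" or "float"
 *                      (compared case-insensitively)
 * @return array Returndata() result: code 1 / "success" on a match,
 *               code 0 / "incorrect type" otherwise
 */
function Judgetype($param, $type)
{
    // NOTE(review): request parameters normally arrive as strings, so the
    // "int" and "float" checks only pass for values that were cast before
    // the call. Confirm against the callers.
    $checks = [
        'array'  => 'is_array',
        'string' => 'is_string',
        'int'    => 'is_int',
        'float'  => 'is_float',
    ];

    // Only a string can name a type; anything else falls through to the error.
    $wanted = is_string($type) ? strtolower($type) : '';

    if (isset($checks[$wanted]) && $checks[$wanted]($param)) {
        return Returndata(1, "success");
    }

    return Returndata(0, "incorrect type");
}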
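/**
 * Check that a field is not longer than the allowed number of characters.
 *
 * Length is counted in UTF-8 characters, not bytes.
 *
 * @param mixed $str field to check; arrays and objects are rejected
 * @param int   $len maximum allowed length in characters
 * @return array Returndata() result: code 1 when the length is acceptable,
 *               code 0 with "length too long" or "incorrect type" otherwise
 */
function Judgelen($str, $len)
{
    // Fail closed on values that have no string length instead of raising a
    // type error inside mb_strlen().
    if ($str !== null && !is_scalar($str)) {
        return Returndata(0, "incorrect type");
    }

    $allLen = mb_strlen((string) $str, 'UTF-8');
    if ($allLen > $len) {
        return Returndata(0, "length too long");
    }

    return Returndata(1, "");
}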
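/**
 * Reject a field that contains any of the configured "dangerous" substrings.
 *
 * The deny-list is read from the "Dangerchars" configuration entry. A
 * deny-list is only a coarse input check: it does not replace
 * context-specific output encoding or parameterised queries.
 *
 * @param mixed $str field to check; arrays and objects are rejected
 * @return array Returndata() result: code 1 when nothing matched, code 0 with
 *               "presence of sensitive characters" or "incorrect type" otherwise
 */
function Filterdangerchars($str)
{
    // Fail closed on values that cannot be searched as a string.
    if ($str !== null && !is_scalar($str)) {
        return Returndata(0, "incorrect type");
    }
    $haystack = (string) $str;

    // A missing configuration entry is treated as an empty deny-list.
    foreach ((array) config("Dangerchars") as $item) {
        // An empty needle carries no information and is skipped.
        if (!is_scalar($item) || (string) $item === '') {
            continue;
        }
        if (mb_strpos($haystack, (string) $item, 0, 'UTF-8') !== false) {
            return Returndata(0, "presence of sensitive characters");
        }
    }

    return Returndata(1, "");
}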
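/**
 * Basic field filter: type, length and deny-listed characters, in that order.
 *
 * The first failing check decides the result. An empty string is not treated
 * as "empty" here; only null is.
 *
 * @param mixed  $param field to check
 * @param string $type  expected type name, passed to Judgetype()
 * @param int    $len   maximum length, passed to Judgelen()
 * @return array Returndata() result: code 1 / "success" when every check
 *               passes, otherwise the result of the first failing check
 */
function Filterbase($param, $type, $len)
{
    // isset() on a parameter is a null check.
    if ($param === null) {
        return Returndata(0, "field is empty");
    }

    // Determine whether the type is consistent.
    $typeResult = Judgetype($param, $type);
    if ($typeResult["Code"] == 0) {
        return $typeResult;
    }

    // Determine whether the length meets the requirements.
    $lenResult = Judgelen($param, $len);
    if ($lenResult["Code"] == 0) {
        return $lenResult;
    }

    // Check whether the value includes illegal characters.
    $dangerResult = Filterdangerchars($param);
    if ($dangerResult["Code"] == 0) {
        return $dangerResult;
    }

    return Returndata(1, "success");
}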
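/**
 * Escape or strip a value before it is used in an SQL statement.
 *
 * NOTE(review): neither branch is a reliable defence against SQL injection.
 * addslashes() is not aware of the database connection's character set and
 * does nothing for values placed in an unquoted (numeric) position, and
 * keyword stripping alters legitimate data. Pass values to the database
 * through prepared statements / bound parameters and keep this function, at
 * most, as an extra layer.
 *
 * @param mixed  $param      field to filter
 * @param bool   $addslashes true: escape with addslashes(); false: strip
 *                           keywords and characters with Paramreplace()
 * @param string $type       "int" casts the result to an integer; any other
 *                           value leaves the type alone
 * @return int|mixed|string filtered value
 */
function Filtersql($param, $addslashes = true, $type = "")
{
    $param = $addslashes ? addslashes($param) : Paramreplace($param);

    if ($type === "int") {
        $param = changetype($param, "int");
    }

    return $param;
}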
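/**
 * Cast a value to the named type.
 *
 * The type name is compared case-insensitively. An unknown type name returns
 * the value unchanged. The "float" branch compares the type name; the earlier
 * form assigned it, which made every type other than "int" produce a float.
 *
 * Casting is not validation: intval("12abc") is 12, so check the input
 * format first when a malformed value must be rejected rather than truncated.
 *
 * @param mixed  $param value to convert
 * @param string $type  target type: "int", "float", "string" or "array"
 * @return array|float|int|string|mixed converted value
 */
function changetype($param, $type)
{
    // Only a string can name a type; anything else leaves $param untouched.
    $target = is_string($type) ? strtolower($type) : '';

    switch ($target) {
        case 'int':
            return intval($param);
        case 'float':
            return floatval($param);
        case 'string':
            return strval($param);
        case 'array':
            return array($param);
        default:
            return $param;
    }
}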
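/**
 * Strip whitespace, quoting characters and a fixed list of SQL keywords.
 *
 * Matching is case-insensitive and the pass is repeated until the value stops
 * changing, so the result contains none of the listed tokens. A single
 * case-sensitive pass can leave a token behind after an inner fragment has
 * been removed.
 *
 * NOTE(review): this is a deny-list. It removes the same letter sequences
 * from ordinary text (for example "or" and "order" inside other words) and it
 * is not a substitute for prepared statements / bound parameters.
 *
 * @param mixed $str value to filter
 * @return mixed filtered value
 */
function Paramreplace($str)
{
    $tokens = [
        " ", "\n", "\r", "'", '"',
        "or", "and", "#", "\\", "null",
        ">", "<", "=",
        "char", "order", "select", "create", "delete",
        "insert", "execute", "update", "count",
    ];

    // Every pass that changes the value shortens it, so the loop terminates.
    do {
        $before = $str;
        $str = str_ireplace($tokens, "", $str);
    } while ($str !== $before);

    return $str;
}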
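/**
 * Remove the named elements, with their content, from a string
 * (strip_tags() would remove every tag).
 *
 * Example: with $tags = ["script"], the input
 * "Dfdf<b>dfdf</b><script>alert('1111');<em>Italic</em></script>"
 * becomes "Dfdf<b>dfdf</b>".
 *
 * Tag names are quoted before they are placed in the pattern, matching is
 * case-insensitive and spans line breaks, and only an element with both an
 * opening and a closing tag is removed.
 *
 * NOTE(review): removing named elements does not make the remaining markup
 * safe to render. Encode on output (htmlspecialchars) wherever HTML is not
 * required, and use a maintained HTML sanitiser where it is.
 *
 * @param string   $param value to filter
 * @param string[] $tags  element names to remove
 * @return string filtered value; an empty string when the pattern engine
 *                reports an error, so unfiltered input is never returned
 */
function Filterxss($param, $tags)
{
    foreach ((array) $tags as $tag) {
        $name = preg_quote((string) $tag, '#');
        if ($name === '') {
            continue;
        }

        // Opening tag with optional attributes, shortest content, closing tag.
        $pattern = '#<\s*' . $name . '\b[^>]*>.*?<\s*/\s*' . $name . '\s*>#is';
        $param = preg_replace($pattern, '', $param);

        // preg_replace() returns null on failure: fail closed.
        if ($param === null) {
            return '';
        }
    }

    return $param;
}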
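/**
 * Encode HTML special characters so that markup is shown as text.
 *
 * The flags and charset are passed explicitly: single quotes are encoded as
 * well as double quotes, and invalid byte sequences are substituted instead
 * of turning the whole result into an empty string. The output does not
 * depend on the PHP version's default flags.
 *
 * The result is meant for HTML text and quoted attribute values. Other
 * contexts (URLs, JavaScript, CSS) need their own encoding.
 *
 * @param string $param value to encode
 * @return string encoded value
 */
function FilterXSS1($param)
{
    return htmlspecialchars($param, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}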
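/**
 * Check an upload attribute against the allow-list configured for its category.
 *
 * Only the "img" category is handled; its allow-list is read from the "img"
 * configuration entry. Every other category is rejected.
 *
 * NOTE(review): $file is presumably a file extension or MIME type string.
 * Confirm against the caller. A value reported by the client says nothing
 * about the file's real content.
 *
 * @param mixed  $file value looked up in the allow-list
 * @param string $type upload category
 * @return array Returndata() result: code 1 when the value is allowed,
 *               code 0 / "incorrect type" otherwise
 */
function Filterupload($file, $type)
{
    // Strict comparison keeps loosely-equal values (0, true, ...) from
    // matching an allow-list entry. A missing entry is an empty list.
    if ($type == "img" && in_array($file, (array) config("img"), true)) {
        return Returndata(1, "");
    }

    return Returndata(0, "incorrect type");
}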
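/**
 * Build the result array shared by the validation helpers.
 *
 * @param int   $code 0 for an error, 1 for success
 * @param mixed $data message or payload
 * @return array array with the keys "Code" and "Data"
 */
function Returndata($code, $data)
{
    return [
        "Code" => $code,
        "Data" => $data,
    ];
}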
Common PHP Validation