Recently, I have seen a website infected with Trojans and sent a php character filtering class. I suggest you pay more attention to the security knowledge of webmasters. The code is as follows:
The code is as follows:
Abstract class Filter {// filter parent class
Private $ blackstr = array ();
Private $ whitestr = array ();
Function filtit ($ str ){
// Do something
}
}
Class LoginFilter extends Filter {// for user login filte username (Filter registered username)
Function filtit ($ str ){
$ This-> blackstr = array (
'/[\ X7f-\ xff]/', // filter chinese include chinese symbol
'/\ W/' // filter all english symbol
);
Return preg_replace ($ this-> blackstr, '', $ str );
}
}
Class EditorFilter extends Filter {// for article editor filter (Filter online editor content)
Function filtit ($ str ){
$ This-> blackstr = array (
'/\&/',
'/\'/',
'/\"/',
'/\ '/\> /',
'/\\\\/',
'/\//',
'/-/',
'/\*/',
'//'
);
$ This-> whitestr = array (
'&',
''',
'"',
'<',
'> ',
'\',
'/',
'-',
'*',
''
);
Return preg_replace ($ this-> blackstr, $ this-> whitestr, $ str );
}
}
Class SQLFilter extends Filter {// for filte SQL query string (Filter such as query or other SQL statements)
Function filtit ($ str ){
$ This-> blackstr = array (
'/\'/',
'/-/'
);
Return preg_replace ($ this-> blackstr, '', $ str );
}
}
Class FileNameFilter extends Filter {// for filte a file name (Filter file names such as download file names)
Function filtit ($ str ){
$ This-> blackstr = array (
'/[^ A-za-z0-9 _ \.] | \ ^ | \ [| \]/'
);
Return preg_replace ($ this-> blackstr, '', $ str );
}
}
?>
The usage is as follows:
The code is as follows:
$ Filter = new FileNameFilter (); // defines an instance.
$ DownFile = $ filter-> filtit ($ _ GET ['FN ']); // call the filter method