This article introduces a PHP implementation of form-submission data validation that aims to block SQL injection and XSS attacks. It covers the related PHP string-handling and encoding-conversion techniques, and readers who need this can refer to it.
Anti-XSS Attack code:
<?php
/**
 * Security filter function: strips or entity-encodes characters commonly used in XSS payloads.
 * Note that this is a blacklist; characters not listed here pass through unchanged.
 *
 * @param string $string
 * @return string
 */
function safe_replace($string) {
    $string = str_replace('%20', '', $string);      // URL-encoded space
    $string = str_replace('%27', '', $string);      // URL-encoded single quote
    $string = str_replace('%2527', '', $string);    // double-URL-encoded single quote
    $string = str_replace('*', '', $string);
    $string = str_replace('"', '&quot;', $string);  // double quote -> HTML entity
    $string = str_replace("'", '', $string);        // single quote removed
    $string = str_replace('"', '', $string);        // no-op after the &quot; replacement above
    $string = str_replace(';', '', $string);
    $string = str_replace('<', '&lt;', $string);    // angle brackets -> HTML entities
    $string = str_replace('>', '&gt;', $string);
    $string = str_replace('{', '', $string);
    $string = str_replace('}', '', $string);
    $string = str_replace('\\', '', $string);       // backslash removed
    return $string;
}
?>
code example:
<?php
$user_name = strim($_REQUEST['user_name']);

function strim($str) {
    // trim() removes whitespace (or other predefined characters) from both ends of the string.
    // htmlspecialchars() converts predefined characters to HTML entities (anti-XSS):
    //   & (ampersand)     becomes &amp;
    //   " (double quote)  becomes &quot;
    //   ' (single quote)  becomes &#039;  (ENT_QUOTES is passed explicitly so this also holds on PHP before 8.1)
    //   < (less than)     becomes &lt;
    //   > (greater than)  becomes &gt;
    return quotes(htmlspecialchars(trim($str), ENT_QUOTES));
}

// Anti-SQL injection
function quotes($content) {
    // if $content is an array, escape every element
    if (is_array($content)) {
        foreach ($content as $key => $value) {
            // $content[$key] = mysql_real_escape_string($value);
            /* addslashes() returns the string with a backslash added before each predefined character.
               The predefined characters are: single quote ('), double quote ("), backslash (\) and NUL */
            $content[$key] = addslashes($value);
        }
    } else {
        // $content is not an array
        // $content = mysql_real_escape_string($content);
        $content = addslashes($content);
    }
    return $content;
}
?>
<?php
// Filter SQL injection: reject the request if any key or value contains a SQL keyword followed by whitespace
function filter_injection(&$request) {
    $pattern = '/(select[\s])|(insert[\s])|(update[\s])|(delete[\s])|(from[\s])|(where[\s])/i';
    foreach ($request as $k => $v) {
        if (preg_match($pattern, $k, $match)) {
            die("SQL injection denied!");
        }
        if (is_array($v)) {
            // recurse into nested arrays (e.g. name[]="..." form fields)
            filter_injection($request[$k]);
        } else {
            if (preg_match($pattern, $v, $match)) {
                die("SQL injection denied!");
            }
        }
    }
}
?>
anti-SQL injection:
mysql_real_escape_string()
This function escapes the special characters in a string that is to be used in a SQL statement.
The following characters are affected:
\x00
\n
\r
\
'
"
\x1a
On success the function returns the escaped string. On failure it returns FALSE.
Syntax
mysql_real_escape_string(string, connection)
Parameter  | Description
string     | Required. Specifies the string to be escaped.
connection | Optional. Specifies the MySQL connection. If not specified, the most recently opened connection is used.
To validate a value that must be a pure number or a numeric string, use
is_numeric()
which checks whether a variable is a number or a numeric string.
Example:
<?php
// Returns the input as a number (string "42" becomes int 42, "4.2" becomes float 4.2); anything non-numeric becomes 0
function get_numeric($val) {
    if (is_numeric($val)) {
        return $val + 0;
    }
    return 0;
}
?>
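As an added example that is not part of the original article, the same user_name form lookup described above is rebuilt on whitelist validation, a prepared statement (the modern replacement for the escaping functions in the mysql_real_escape_string section) and context-aware output encoding, with a stricter numeric check than get_numeric(). The users table, the rows and the inputs are constructed, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example, not from the original article: the user_name lookup built on
// whitelist validation, parameterised queries and context-aware output encoding
// instead of the keyword/character blacklist in safe_replace()/filter_injection().
// Table, names and rows are constructed; an in-memory SQLite database lets it run offline.
declare(strict_types=1);

function validate_user_name(string $raw): ?string {
    $name = trim($raw);
    // Whitelist of 3-32 letters, digits or underscores: rejecting everything else
    // is safer than stripping known-bad fragments the way safe_replace() does.
    return preg_match('/^[A-Za-z0-9_]{3,32}$/', $name) === 1 ? $name : null;
}

function validate_id(string $raw): ?int {
    // Stricter than is_numeric(): rejects floats, hex, whitespace and values below 1.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function find_user(PDO $pdo, string $name): ?array {
    // Prepared statement: the value is sent separately from the SQL text, so quotes
    // or keywords in $name cannot change the query. This is the replacement for
    // mysql_real_escape_string(), which was removed along with the mysql extension in PHP 7.
    $stmt = $pdo->prepare('SELECT id, user_name FROM users WHERE user_name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function html(string $s): string {
    // Output encoding for the HTML body context; ENT_QUOTES also encodes single quotes.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed database and inputs standing in for a real MySQL connection and $_POST.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user_name TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (user_name) VALUES ('alice')");
foreach (['alice', "o'brien", '<b>bob</b>', 'nobody'] as $input) {
    $name = validate_user_name($input);
    if ($name === null) {                       // the quote and the tag fail the whitelist
        echo 'rejected: ' . html($input) . "\n";
        continue;
    }
    $user = find_user($pdo, $name);
    echo $user === null ? "no such user: $name\n" : "found #{$user['id']}: " . html($user['user_name']) . "\n";
}
echo 'id check: ', var_export(validate_id('42'), true), ' ', var_export(validate_id('4.2'), true), "\n";
```

Run it with the php CLI (the pdo_sqlite extension must be enabled); in a real application the SQLite connection is replaced by a PDO MySQL DSN and the loop by the actual request values.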
is_array - detects whether a variable is an array
bool is_array ( mixed $var )
Returns TRUE if var is an array, otherwise FALSE.
is_dir - determines whether the given file name is a directory
bool is_dir ( string $filename )
Determines whether the given file name is a directory.
Returns TRUE if the file name exists and is a directory, otherwise FALSE.
is_file - determines whether the given file name is a regular file
bool is_file ( string $filename )
Determines whether the given file name is a regular file.
Returns TRUE if the file exists and is a regular file, otherwise FALSE.
Note:
Because PHP's integer type is signed and many platforms use 32-bit integers, some file system functions may return unexpected results for files larger than 2GB.
is_bool - detects whether a variable is a boolean
bool is_bool ( mixed $var )
Returns TRUE if var is a boolean, otherwise FALSE.
is_string - detects whether a variable is a string
bool is_string ( mixed $var )
Returns TRUE if var is a string, otherwise FALSE.
is_int - detects whether a variable is an integer
bool is_int ( mixed $var )
Returns TRUE if var is an integer, otherwise FALSE.
Note:
To test whether a variable is a number or a numeric string (such as form input, which is always a string), use is_numeric() instead.
is_float - detects whether a variable is a float
bool is_float ( mixed $var )
Returns TRUE if var is a float, otherwise FALSE.
Note:
To test whether a variable is a number or a numeric string (such as form input, which is always a string), use is_numeric() instead.
is_null - detects whether a variable is NULL
bool is_null ( mixed $var )
Returns TRUE if var is NULL, otherwise FALSE.
is_readable - determines whether the given file name is readable
bool is_readable ( string $filename )
Determines whether the given file name exists and is readable. Returns TRUE if the file or directory specified by filename exists and is readable, otherwise FALSE.
is_writable - determines whether the given file name is writable
bool is_writable ( string $filename )
Returns TRUE if the file exists and is writable. The filename parameter may also be a directory name, which allows checking whether a directory is writable.
file_exists - checks whether a file or directory exists
bool file_exists ( string $filename )
Checks whether a file or directory exists.
On Windows, use //computername/share/filename or \\computername\share\filename to check for files on a network share.
Returns TRUE if the file or directory specified by filename exists, otherwise FALSE.
is_executable - determines whether the given file name is executable
bool is_executable ( string $filename )
Determines whether the given file name is executable. Returns TRUE if the file exists and is executable, FALSE on error.