PHP filtering Special Dangerous characters Summary _php tutorial

form submission or URL get value in the Web site we may encounter some security issues, below I summarize some commonly used to filter some of the dangerous special characters of the solution, I hope this tutorial will help you.

In general, for the characters passed in, PHP can be processed with the Addslashes function once (to GET_MAGIC_QUOTES_GPC () for the fake before processing, otherwise it will be escaped again! ), so that a certain level of safety requirements can be achieved
Like this.

The code is as follows	Copy Code
if (!GET_MAGIC_QUOTES_GPC ()) { Add_slashes ($_get); Add_slashes ($_post); Add_slashes ($_cookie); } function Add_slashes ($string) { if (Is_array ($string)) { foreach ($string as $key = = $value) { $string [$key] = add_slashes ($value); } } else { $string = Addslashes ($string); } return $string; }

But it can be further re-encoded, decoded, as follows:

The code is as follows

Copy Code

Coding function HTMLEncode ($STR) { if (empty ($STR)) return; if ($str = = "") return $str; $str =trim ($STR); $str =str_replace ("&", "&amp;", $str); $str =str_replace (">", "&gt;", $str); $str =str_replace ("<", "&lt;", $str); $str =str_replace (CHR), "&nbsp;", $str); $str =str_replace (Chr (9), "&nbsp;", $str); $str =str_replace (CHR), "&", $STR); $str =str_replace (CHR), "& #39;", $STR); $str =str_replace (CHR), "<br/>", $str); $str =str_replace ("'", "'", $str); $str =str_replace ("select", "sel& #101; CT", $str); $str =str_replace ("Join", "jo& #105; n", $str); $str =str_replace ("union", "un& #105; on", $STR); $str =str_replace ("where", "wh& #101; Re", $STR); $str =str_replace ("Insert", "ins& #101; RT", $STR); $str =str_replace ("delete", "del& #101; TE", $str); $str =str_replace ("Update", "up& #100; ate", $str); $str =str_replace ("Like", "lik& #101;", $STR); $str =str_replace ("Drop", "dro& #112;", $STR); $str =str_replace ("Create", "cr& #101; ate", $str); $str =str_replace ("Modify", "mod& #105; FY", $str); $str =str_replace ("rename", "ren& #097; Me", $str); $STR =str_replace ("Alter", "alt& #101; r", $str); $str =str_replace ("Cast", "ca& #115;", $STR); return $str; }

This can be more secure to the external data processing, but from the database out, in the foreground display, you must re-decode:

The code is as follows

Copy Code

Decoding function HtmlDecode ($STR) { if (empty ($STR)) return; if ($str = = "") return $str; $str =str_replace ("sel& #101; CT", "select", $str); $str =str_replace ("jo& #105; n", "join", $STR); $str =str_replace ("un& #105; on", "union", $STR); $str =str_replace ("wh& #101; Re", "where", $str); $str =str_replace ("ins& #101; RT", "Insert", $STR); $str =str_replace ("del& #101; TE", "delete", $str); $str =str_replace ("up& #100; ate", "Update", $STR); $str =str_replace ("lik& #101;", "like", $STR); $str =str_replace ("dro& #112;", "Drop", $str); $str =str_replace ("cr& #101; ate", "create", $STR); $str =str_replace ("mod& #105; FY", "Modify", $str); $str =str_replace ("ren& #097; Me", "rename", $str); $str =str_replace ("alt& #101; R", "Alter", $STR); $str =str_replace ("ca& #115;", "cast", $STR); $str =str_replace ("&amp;", "&", $STR); $str =str_replace ("&gt;", ">", $str); $str =str_replace ("&lt;", "<", $str); $str =str_replace ("&nbsp;", Chr (+), $str); $str =str_replace ("&nbsp;", Chr (9), $STR); $str =str_replace ("&", CHR, $STR); $str =str_replace ("& #39;", CHR, $STR); $str =str_replace ("<br/>", CHR, $STR); $str =str_replace ("'" "," ' ", $str); return $str; }

Although more than one step coding, decoding the process, but security aspects, will go further, how to do, their own choice bar.

Attach some more

The code is as follows

Copy Code

function Safe_replace ($string) { $string = Str_replace (', ', ', $string); $string = Str_replace (' ', ' ', $string); $string = Str_replace (' ', ' ', $string); $string = Str_replace (' * ', ' ', $string); $string = Str_replace (' "', '" ', $string); $string = Str_replace ("'", "', $string); $string = Str_replace (' "', ' ', $string); $string = Str_replace ('; ', ' ', $string); $string = Str_replace (' < ', ' < ', $string); $string = Str_replace (' > ', ' > ', $string); $string = Str_replace ("{", "', $string); $string = Str_replace ('} ', ' ', $string); return $string; }

The more comprehensive

The code is as follows

Copy Code

Processing the submitted data function HtmlDecode ($STR) { if (Empty ($STR) | | "" = = $str) { Return ""; } $str = Strip_tags ($STR); $str = Htmlspecialchars ($STR); $str = NL2BR ($STR); $str = Str_replace ("?", "" ", $str); $str = Str_replace ("*", "", $str); $str = Str_replace ("!", "" ", $str); $str = Str_replace ("~", "", $str); $str = Str_replace ("$", "", $str); $str = str_replace ("%", "", $str); $str = Str_replace ("^", "", $str); $str = Str_replace ("^", "", $str); $str = Str_replace ("Select", "", $str); $str = Str_replace ("Join", "", $str); $str = Str_replace ("union", "", $str); $str = Str_replace ("where", "", $str); $str = Str_replace ("Insert", "", $str); $str = str_replace ("delete", "", $str); $str = Str_replace ("Update", "", $str); $str = Str_replace ("Like", "", $str); $str = Str_replace ("Drop", "", $str); $str = Str_replace ("Create", "", $str); $str = Str_replace ("Modify", "", $str); $str = str_replace ("rename", "", $str); $str = Str_replace ("Alter", "", $str); $str = Str_replace ("Cast", "", $str); $farr = Array ("//s+/",//filter Extra blanks "/< (//?) (img|script|i?frame|style|html|body|title|link|meta|/?| /%) ([^>]*?) >/isu ",//Filter"/(<[^>]*) on[a-za-z]+/s*= ([^>]*>)/isu")//filter on the JavaScript on event ; $tarr = Array ("", "",//If you want to clear unsafe labels directly, you can leave this blank "" ); return $str; }

http://www.bkjia.com/PHPjc/632822.html www.bkjia.com true http://www.bkjia.com/PHPjc/632822.html techarticle form submission or URL get value in the Web site we may encounter some security issues, below I summarize some commonly used to filter some dangerous special characters of the solution, I hope this tutorial on each ...

