PHP security filter functions: code that sanitizes user input to block malicious content.
The code is as follows:
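// Security filter input [jb]
/**
 * Security filter for user-supplied input.
 *
 * Strips ASCII control characters, NUL bytes (raw and percent-encoded) and
 * carriage returns, then HTML-encodes `&`, `<`, `>`, `"`, `'` and tabs so the
 * value can be placed in an HTML context.  The literal percent-encoded forms
 * `%3C`/`%3E` are mapped to `&lt;`/`&gt;` as well, as in the original.
 *
 * Fixes: the entity-preserving lookahead only admitted decimal references
 * (`&#60;`) and named entities, so a hex reference such as `&#x3C;` was
 * re-encoded to `&amp;#x3C;`; and the `%3C`/`%3E` match was case-sensitive,
 * so `%3c`/`%3e` passed through unchanged.
 *
 * NOTE(review): the page this code was taken from had its HTML entities
 * decoded by the renderer; the `&amp;`, `&lt;`, `&gt;`, `&quot;`, `&#39;`
 * and `&nbsp;` replacement strings below are reconstructed from that and
 * should be confirmed against the original source.  A fourth search entry on
 * that page was unreadable (shown as an empty string, which str_replace()
 * ignores) and is omitted here.
 *
 * @param string $string the raw value to filter
 * @param bool   $isurl  when truthy, `&` is left untouched so a query string
 *                       keeps its separators
 * @return string the filtered and trimmed value
 */
function check_str($string, $isurl = false)
{
    // Drop ASCII control characters except tab (\x09), LF (\x0A) and CR (\x0D).
    $string = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', '', $string);
    // Remove NUL bytes in raw and percent-encoded form, and carriage returns.
    $string = str_replace(array("\0", "%00", "\r"), '', $string);
    if (empty($isurl)) {
        // Encode a bare `&`, but keep an existing entity reference intact
        // (named, decimal numeric, or hex numeric).
        $string = preg_replace('/&(?!(#[0-9]+|#x[0-9a-f]+|[a-z]+);)/i', '&amp;', $string);
    }
    // str_ireplace so the lowercase forms %3c / %3e are caught as well.
    $string = str_ireplace(array('%3C', '<'), '&lt;', $string);
    $string = str_ireplace(array('%3E', '>'), '&gt;', $string);
    // The tab replacement is assumed to be four non-breaking spaces — confirm.
    $string = str_replace(
        array('"', "'", "\t"),
        array('&quot;', '&#39;', '&nbsp;&nbsp;&nbsp;&nbsp;'),
        $string
    );
    return trim($string);
}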
The following are some further filtering functions:
The code is as follows:
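/**
 * Security filtering — strips insecure markup (script and iframe blocks,
 * inline event-handler names, PHP tags) with a high level of filtering.
 * Controller usage: $this->controller->fliter_script($value)
 *
 * This is a blacklist: anything it does not recognise passes through, so
 * escape on output (see fliter_html) rather than relying on it alone.
 *
 * Fix: the last preg_replace() used the "/iesU" modifiers.  The "e" (eval)
 * modifier was removed in PHP 7.0, where it makes preg_replace() return null,
 * and it is pointless with an empty replacement, so only "isU" is kept.
 *
 * NOTE(review): on the page this was taken from, the "<script", "<iframe"
 * and PHP-tag pattern text was stripped by the renderer; the patterns below
 * are reconstructed (the PHP-tag one mirrors the filter_phptag sibling) and
 * the "&#111;" in the handler replacement is likewise assumed — confirm all
 * three against the original source.
 *
 * @param string $value the value to be filtered
 * @return string
 */
function fliter_script($value)
{
    // Neutralise "on<event>" handler names by encoding the leading "o";
    // `\2` keeps the event name, an optional "javascript:" prefix is dropped.
    $value = preg_replace(
        '/(javascript:)?on(click|load|key|mouse|error|abort|move|unload|change|dblclick|reset|resize|submit)/i',
        '&#111;n\\2',
        $value
    );
    $value = preg_replace('/<script(.*?)<\/script>/si', '', $value);
    $value = preg_replace('/<iframe(.*?)<\/iframe>/si', '', $value);
    $value = preg_replace('/<\?(.*?)\?>/isU', '', $value);
    return $value;
}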
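/**
 * Security filtering — HTML tag filtering.
 * Controller usage: $this->controller->fliter_html($value)
 *
 * Escapes `&`, `<`, `>`, `"` and `'`.  ENT_QUOTES is passed explicitly
 * because before PHP 8.1 the htmlspecialchars() default (ENT_COMPAT) left
 * the single quote unescaped, so a value placed in a single-quoted attribute
 * could break out of it — while the str_replace fallback of the original did
 * escape it, so the two branches disagreed.  ENT_SUBSTITUTE replaces an
 * invalid UTF-8 sequence with U+FFFD instead of returning an empty string.
 *
 * The function_exists('htmlspecialchars') guard and its fallback were
 * dropped: htmlspecialchars() is a core function, so the guard was always
 * true and the fallback unreachable.
 *
 * @param string $value the value to be filtered
 * @return string
 */
function fliter_html($value)
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}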
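/**
 * Security filtering — strips a fixed blacklist of SQL keywords and path
 * fragments from incoming data.
 * Controller usage: $this->controller->fliter_sql($value)
 *
 * This is not a substitute for prepared statements: it removes only the
 * tokens listed below and also mangles ordinary text (e.g. "selection"
 * becomes "ion").  Anything that reaches SQL should go through
 * parameterised queries regardless of this filter.
 *
 * Fixes: the original wrote the comment and traversal entries as "\/\*",
 * "\.\.\/" and "\.\/" inside double quotes, where `\/`, `\.` and `\*` are
 * not escape sequences, so the strings actually searched for were those
 * literal backslash sequences and "/*", "../" and "./" were never removed.
 * Keyword matching is now case-insensitive, so "SELECT" no longer bypasses
 * it.  The twelve-entry replacement array is replaced by a single "".
 *
 * @param string $value the value to be filtered
 * @return string
 */
function fliter_sql($value)
{
    $sql = array(
        'select', 'insert', 'update', 'delete', "'", '/*',
        '../', './', 'union', 'into', 'load_file', 'outfile',
    );
    return str_ireplace($sql, '', $value);
}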
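/**
 * Security filtering — general data filtering.
 * Controller usage: $this->controller->fliter_escape($value)
 *
 * Applies fliter_str() to a scalar, or to every leaf of an array.  The
 * original descended only one level, so a nested array was handed to
 * fliter_str() as a whole; nested arrays are now recursed into, which gives
 * the same result for the one-level case.
 *
 * @param string|array $value the variable to be filtered
 * @return string|array same shape as $value, with every string filtered
 */
function fliter_escape($value)
{
    if (!is_array($value)) {
        return self::fliter_str($value);
    }
    foreach ($value as $k => $v) {
        $value[$k] = is_array($v) ? self::fliter_escape($v) : self::fliter_str($v);
    }
    return $value;
}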
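/**
 * Security filtering — string filtering; encodes special harmful characters.
 * Controller usage: $this->controller->fliter_str($value)
 *
 * NUL bytes (raw and percent-encoded) and carriage returns are removed;
 * `&`, `"`, `'`, `<`, `>` and the percent-encoded brackets `%3C`/`%3E` are
 * mapped to HTML entities.  Numeric character references already present in
 * the input (`&#123;`, `&#x003C;`) are restored after the `&` encoding so
 * they are not double-escaped.
 *
 * Fix: the pairs are kept in one map instead of two positional arrays.  On
 * the page this was taken from the search array had 12 entries and the
 * replacement array 10, and str_replace() silently substitutes "" for a
 * missing replacement, so the last entries (`%3C`/`%3E`) would have been
 * deleted rather than escaped.
 *
 * NOTE(review): the entity strings were decoded by that page's renderer and
 * are reconstructed here; two search entries (5th and 10th) were unreadable
 * (shown as empty strings, which str_replace() ignores) and are omitted —
 * confirm both points against the original source.
 *
 * @param string $value the value to be filtered
 * @return string
 */
function fliter_str($value)
{
    // Order matters: `&` must be encoded before any entity is introduced.
    $map = array(
        "\0"  => '',
        '%00' => '',
        "\r"  => '',
        '&'   => '&amp;',
        '"'   => '&quot;',
        "'"   => '&#39;',
        '<'   => '&lt;',
        '>'   => '&gt;',
        '%3C' => '&lt;',
        '%3E' => '&gt;',
    );
    $value = str_replace(array_keys($map), array_values($map), $value);
    // Undo the `&` encoding for numeric character references (3-5 decimal
    // digits or exactly 4 hex digits) that were present in the input.
    return preg_replace('/&amp;(#(\d{3,5}|x[a-fA-F0-9]{4});)/', '&\\1', $value);
}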
/**
 * Validates a file name before it is used in a path.
 * Controller usage: $this->controller->filter_dir($fileName)
 *
 * Rejects a name that contains ":/" (the separator of a URL scheme), a NUL
 * byte or "..".  The check runs on the lowercased name — which has no effect
 * on these three patterns but is kept as in the original — and the name is
 * returned unchanged when it passes.
 *
 * @param string $fileName
 * @return string|false the unchanged name, or false when it is rejected
 */
function filter_dir($fileName)
{
    $lowered = strtolower($fileName);
    $forbidden = array(':/', "\0", '..');
    // Any hit at all rejects the name; the replaced string itself is unused.
    $hits = 0;
    str_replace($forbidden, '', $lowered, $hits);
    if ($hits > 0) {
        return false;
    }
    return $fileName;
}
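/**
 * Filters a directory path.
 * Controller usage: $this->controller->filter_path($path)
 *
 * Strips characters that have no place in a path (`'`, `#`, `=`, `"`, `$`,
 * `%`, `&`, `;`), collapses runs of "/" and turns every backslash run into a
 * single "/", then drops a trailing "/".  ".." segments are NOT removed here;
 * see filter_dir() for that check.
 *
 * Fixes: the docblock said `@return array` but rtrim() returns a string.
 * The backslash alternative of the pattern is written with an explicit
 * escaped backslash, because the form shown on the page this came from,
 * `(\)`, is an unbalanced group and would not compile as a regex.
 *
 * NOTE(review): the fourth character of the strip list was unreadable on
 * that page (shown as '''); '"' is assumed — confirm.
 *
 * @param string $path
 * @return string
 */
public function filter_path($path)
{
    $path = str_replace(array("'", '#', '=', '"', '$', '%', '&', ';'), '', $path);
    // "/{2,}" collapses repeated slashes; "\\+" (one or more backslashes)
    // becomes a single forward slash.
    $path = preg_replace('#/{2,}|\\\\+#', '/', $path);
    return rtrim($path, '/');
}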
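/**
 * Filters PHP tags.
 * Controller usage: $this->controller->filter_phptag($string)
 *
 * Encodes the angle bracket of "<?" and "?>" so the text can no longer be
 * read as a PHP open/close tag: "<?" becomes "&lt;?" and "?>" becomes
 * "?&gt;".
 *
 * Fix: the search/replacement pairs are kept in one map.  On the page this
 * was taken from the search array had a single entry and the replacement
 * array two, and str_replace() silently ignores an unpaired replacement, so
 * the second tag would never have been touched.
 *
 * NOTE(review): the tag strings were decoded by that page's renderer and
 * are reconstructed here — confirm against the original source.
 *
 * @param string $string
 * @return string
 */
public function filter_phptag($string)
{
    $map = array(
        '<?' => '&lt;?',
        '?>' => '?&gt;',
    );
    return str_replace(array_keys($map), array_values($map), $string);
}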
/**
 * Security filtering — output conversion.
 * Controller usage: $this->controller->str_out($value)
 *
 * Reverses the bracket encoding done by the input filters: "&lt;" and
 * "&gt;" become "<" and ">" again, then stripslashes() removes one level of
 * backslash escaping.  The result contains raw angle brackets, so it must
 * not be written into an HTML context without escaping again (fliter_html);
 * it is for places where the original text is wanted back.
 *
 * NOTE(review): the unconditional stripslashes() looks like a
 * magic_quotes_gpc-era habit; with that gone it also removes backslashes the
 * user typed — confirm that is intended.  The entity strings were decoded by
 * the page this came from and are reconstructed here.
 *
 * @param string $value the value to be filtered
 * @return string
 */
public function str_out($value)
{
    // The original listed "&lt;"/"&gt;" twice (the second pair paired with
    // "%3C"/"%3E"); by then the first pair had already replaced every
    // occurrence, so a single pair of entries is equivalent.
    $decoded = str_replace(array('&lt;', '&gt;'), array('<', '>'), $value);
    return stripslashes($decoded);
}