PHP security filter functions for sanitising user-supplied input. These are blacklist/escaping helpers: they reduce risk but do not replace context-specific escaping at output time, prepared statements for SQL, or validating resolved paths against an allowed base directory.
The code is as follows:
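/**
 * Safe input filter: strip control characters and HTML-escape a user-supplied string.
 *
 * NOTE(review): the HTML entities in the original listing were decoded by the page
 * extraction (it showed "<" being replaced with "<"); the replacement targets below
 * are the entities that make those calls meaningful.
 *
 * This is an *input* filter that bakes HTML escaping into the stored value. It is
 * not a substitute for escaping at output time in the right context (HTML body,
 * attribute, JavaScript, URL), and it does nothing for SQL or shell use -- use
 * prepared statements / escapeshellarg() there.
 *
 * @param string $string raw input
 * @param bool   $isurl  when truthy, a bare "&" is left alone (URL query separators);
 *                       otherwise it is encoded unless it already begins an entity
 * @return string escaped string with leading/trailing whitespace trimmed
 */
function check_str($string, $isurl = false)
{
    $string = (string) $string;

    // Drop C0 control characters except \t (0x09), \n (0x0a) and \r (0x0d).
    $string = preg_replace('/[\x00-\x08\x0b\x0c\x0e-\x1f]/', '', $string);
    // NUL (literal and percent-encoded) and CR are removed outright.
    $string = str_replace(["\0", '%00', "\r"], '', $string);

    if (empty($isurl)) {
        // Encode "&" unless it already starts a decimal, hex or named reference.
        // The original lookahead only recognised "&#123;" and "&name;", so hex
        // references such as "&#x27;" were double-encoded.
        $string = preg_replace('/&(?!(#[0-9]+|#x[0-9a-f]+|[a-z][a-z0-9]*);)/i', '&amp;', $string);
    }

    // Angle brackets, including their percent-encoded forms. Case-insensitive so
    // that "%3C" is not a bypass of the "%3c" check.
    $string = str_ireplace(['%3c', '<'], '&lt;', $string);
    $string = str_ireplace(['%3e', '>'], '&gt;', $string);

    // Quotes; a tab becomes four spaces and a double space becomes two &nbsp;
    // (reconstructed from the garbled listing). str_replace() applies the pairs
    // in order, so the four spaces produced from a tab are themselves turned
    // into four &nbsp; by the last pair.
    $string = str_replace(
        ['"', "'", "\t", '  '],
        ['&quot;', '&#39;', '    ', '&nbsp;&nbsp;'],
        $string
    );

    return trim($string);
}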
Here are some further filtering functions collected for reference. Note that several of them (for example `fliter_sql` and `fliter_script`) are blacklist filters: they are defence in depth only and must not be relied on in place of prepared statements or output escaping.
The code is as follows:
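// NOTE(review): these are methods of a controller helper class whose `class`
// header is not part of this listing (they use self:: and `public`). PHP method
// names are case-insensitive, so the mixed-case spellings in the original
// (Fliter_escape, Filter_dir, ...) still resolve to the lower-case names below.

/**
 * Security filter class - strip javascript/css/iframe/object style markup.
 *
 * Blacklist approach: it rewrites "on<event>" handlers and removes <script>,
 * <iframe> and <object> elements. It is bypassable (other tags, encoded input,
 * "javascript:" URLs not followed by an event name) and should only be used as
 * defence in depth; escape at output time with htmlspecialchars(), or use a
 * real HTML sanitiser for rich text.
 *
 * Fix: the original last pattern used the "e" (eval) modifier ("/iesU"), which
 * has been removed since PHP 7.0 -- preg_replace() then emits a warning and
 * returns NULL, so every filtered value became empty.
 *
 * NOTE(review): the opening tags in the patterns were eaten by the page
 * extraction (only the closing "<\/script>" etc. survived); they are
 * reconstructed here. The final modifier appeared as "u" in the listing; "U"
 * (ungreedy) is what ".+" needs so one match does not span two <object>
 * elements, and is used here.
 *
 * Use in controller: $this->controller->fliter_script($value)
 * @param string $value value to filter
 * @return string filtered value
 */
function fliter_script($value)
{
    $value = (string) $value;
    // "onclick" -> "&#111;nclick": browsers do not decode entities in attribute
    // names, so the attribute no longer registers as an event handler. Group 2
    // is the event name; an optional "javascript:" prefix is dropped.
    $value = preg_replace('/(javascript:)?on(click|load|key|mouse|error|abort|move|unload|change|dblclick|move|reset|resize|submit)/i', '&#111;n\\2', $value);
    $value = preg_replace('/<script(.*?)>(.*?)<\/script>/si', '', $value);
    $value = preg_replace('/<iframe(.*?)>(.*?)<\/iframe>/si', '', $value);
    $value = preg_replace('/<object.+<\/object>/isU', '', $value);
    return $value;
}

/**
 * Security filter class - HTML-escape a value (&, ", ', <, >).
 *
 * Fix: the original called htmlspecialchars() with default flags, which before
 * PHP 8.1 do not escape the single quote, while its own str_replace() fallback
 * did -- so behaviour depended on the PHP version. ENT_QUOTES makes both paths
 * agree; ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead of returning
 * an empty string (which silently drops the whole value).
 *
 * Use in controller: $this->controller->fliter_html($value)
 * @param string $value value to filter
 * @return string
 */
function fliter_html($value)
{
    $value = (string) $value;
    if (function_exists('htmlspecialchars')) {
        return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    return str_replace(
        ['&', '"', "'", '<', '>'],
        ['&amp;', '&quot;', '&#039;', '&lt;', '&gt;'],
        $value
    );
}

/**
 * Security filter class - strip SQL keywords / path fragments from a value.
 *
 * WARNING: keyword stripping is NOT SQL-injection protection. Use prepared
 * statements (PDO / mysqli with bound parameters) for every query; keep this
 * only as defence in depth, and expect it to mangle ordinary text (apostrophes,
 * "into" or "update" in a sentence, a path containing "./").
 *
 * Fixes to the original:
 *  - the list was written in regex notation ("\/\*", "\.\.\/", "\.\/") but fed
 *    to str_replace(), so it removed that literal backslashed text and never
 *    "/*", "../" or "./"; "\'" likewise only matched backslash+quote.
 *  - matching was case-sensitive, so "SELECT" passed untouched.
 *  - a single pass lets "selSELECTect" collapse to "select"; the loop repeats
 *    until nothing changes.
 *
 * Use in controller: $this->controller->fliter_sql($value)
 * @param string $value value to filter
 * @return string
 */
function fliter_sql($value)
{
    $value = (string) $value;
    $sql = ['select', 'insert', 'update', 'delete', "'", '/*', '../', './', 'union', 'into', 'load_file', 'outfile'];
    do {
        $before = $value;
        $value = str_ireplace($sql, '', $value);
    } while ($value !== $before); // each pass only shrinks the string, so this terminates
    return $value;
}

/**
 * Security filter class - general data filter (string or array of strings).
 *
 * Applies fliter_str() to a scalar, or to every element of an array. Nested
 * arrays are now descended into explicitly; the original handed a nested array
 * to fliter_str() whole and relied on str_replace()'s array handling.
 *
 * Use in controller: $this->controller->fliter_escape($value)
 * @param string|array $value value(s) to filter
 * @return string|array
 */
function fliter_escape($value)
{
    if (is_array($value)) {
        foreach ($value as $k => $v) {
            $value[$k] = is_array($v) ? self::fliter_escape($v) : self::fliter_str($v);
        }
        return $value;
    }
    return self::fliter_str($value);
}

/**
 * Security filter class - string filter for harmful characters.
 *
 * Removes NUL (literal and "%00") and CR, HTML-escapes &, ", ', < and >, and
 * also escapes the percent-encoded "%3c"/"%3e" so a double-encoded bracket is
 * not reconstituted later. Numeric character references already present in the
 * input ("&#123;", "&#x1F;") are restored after the "&" pass so they are not
 * double-encoded.
 *
 * NOTE(review): the entity strings were decoded by the page extraction; the
 * original also had whitespace entries whose replacement could not be recovered
 * and they are omitted here.
 *
 * Fix: the restore pattern accepted only 3-5 decimal digits or exactly 4 hex
 * digits, so "&#39;" and "&#x27;" stayed double-encoded; any length is accepted
 * now. Upper-case "%3C"/"%3E" are handled too.
 *
 * Use in controller: $this->controller->fliter_str($value)
 * @param string $value value to filter
 * @return string
 */
function fliter_str($value)
{
    $value = (string) $value;
    $badstr = ["\0", '%00', "\r", '&', '"', "'", '<', '>', '%3c', '%3e'];
    $newstr = ['', '', '', '&amp;', '&quot;', '&#039;', '&lt;', '&gt;', '&lt;', '&gt;'];
    // str_ireplace() applies the pairs in order, so "&" is encoded first and the
    // "&" introduced by the later entities is left alone.
    $value = str_ireplace($badstr, $newstr, $value);
    $value = preg_replace('/&amp;(#(\d+|x[0-9a-fA-F]+);)/', '&\\1', $value);
    return $value;
}

/**
 * Path safety check: reject a file name that could escape its directory.
 *
 * Returns false when the lower-cased name contains ":/" (scheme/drive prefix),
 * a NUL byte or "..", otherwise the name unchanged. Callers must test the
 * result with `=== false`, since a name such as "0" is falsy.
 *
 * NOTE(review): the second marker in the original array was garbled ("\ n");
 * NUL is the plausible reading for a path check and is used here. A substring
 * check like this does not make a path safe on its own -- resolve it with
 * realpath() and confirm it lies under the allowed base directory.
 *
 * Use in controller: $this->controller->filter_dir($fileName)
 * @param string $fileName
 * @return string|false
 */
function filter_dir($fileName)
{
    $fileName = (string) $fileName;
    $tmpname = strtolower($fileName);
    $temp = [':/', "\0", '..'];
    if (str_replace($temp, '', $tmpname) !== $tmpname) {
        return false;
    }
    return $fileName;
}

/**
 * Filter a directory path: drop shell/SQL-ish metacharacters, collapse repeated
 * "/" or any run of "\" into a single "/", then strip the trailing "/".
 *
 * NOTE(review): the fourth stripped character was lost in extraction; a backtick
 * is assumed here. This does not remove ".." segments (unlike filter_dir()), so
 * it is not traversal protection; validate the resolved path against a base
 * directory. The original docblock said "@return Array" but the function returns
 * a string.
 *
 * Use in controller: $this->controller->filter_path($path)
 * @param string $path
 * @return string
 */
public function filter_path($path)
{
    $path = str_replace(["'", '#', '=', '`', '$', '%', '&', ';'], '', (string) $path);
    $path = preg_replace('/\/{2,}|\\\\+/', '/', $path);
    return rtrim($path, '/');
}

/**
 * Filter PHP tags: neutralise "<?" and "?>" so stored text cannot be executed
 * if it is ever written into a file that gets included.
 *
 * NOTE(review): the search array was eaten by the page extraction (it showed
 * Array(")); "<?" / "?>" mapped to "&lt;?" / "?&gt;" is the reading consistent
 * with the visible replacement array.
 *
 * Use in controller: $this->controller->filter_phptag($string)
 * @param string $string
 * @return string
 */
public function filter_phptag($string)
{
    return str_replace(['<?', '?>'], ['&lt;?', '?&gt;'], (string) $string);
}

/**
 * Security filter class - reverse the bracket escaping for output.
 *
 * Turns "&lt;"/"&gt;" back into "<"/">" and strips backslashes. The result is
 * raw markup: only send it to a context where HTML is intended (or where it is
 * escaped again); echoing it into an HTML page re-opens the XSS that
 * fliter_str() closed.
 *
 * Simplification: the original listed "&lt;"/"&gt;" twice (once for "<" and once
 * for "%3c"); str_replace() only ever hits the first pair, so the duplicates
 * were dead and are dropped. stripslashes() is kept for compatibility -- it
 * dates from magic_quotes (removed in PHP 5.4) and is lossy on data that
 * legitimately contains backslashes.
 *
 * Use in controller: $this->controller->str_out($value)
 * @param string $value
 * @return string
 */
public function str_out($value)
{
    $value = str_replace(['&lt;', '&gt;'], ['<', '>'], (string) $value);
    return stripslashes($value);
}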