PHP Security Filter Function code
PHP security filter function code for sanitising malicious user input before it reaches HTML output or other sinks.
//Safe filter input [JB]Function Check_str ($string, $isurl =false){$string= Preg_replace ('/[\\x00-\\x08\\x0b\\x0c\\x0e-\\x1f]/','',$string);$string= Str_replace (Array (" /","%00","\ r"),'',$string); empty ($isurl)&& $string= Preg_replace ("/& (?! (#[0-9]+| [a-z]+];)/si",'&',$string);$string= Str_replace (Array ("%3c",'<'),'<',$string);$string= Str_replace (Array ("%3e",'>'),'>',$string);$string= Str_replace (Array ('"',"'","\ t",' '), Array ('"',''',' ',' '),$string);returnTrim ($string);}
Here are the filtering functions, collected into one listing:
/** * Safety Filter Class-filter javascript,css,iframes,object and other unsafe parameters Filter Level High * Controller in use: $this->controller->fliter_script ( $value) * @param string $value The value to filter * @return string*/function Fliter_script ($value) {$value= Preg_replace ("/(javascript:)? On (click|load|key|mouse|error|abort|move|unload|change|dblclick|move|reset|resize|submit)/I ","&111n\\2", $value); $value= Preg_replace ("/(.*?) <\/script>/si","", $value); $value= Preg_replace ("/(.*?) <\/iframe>/si","", $value); $value= Preg_replace ("//iesu",'', $value);return$value;}/** * Security Filter class-Filter HTML tags * Use method in Controller: $this->controller->fliter_html ($value) * @param string $value The value to be filtered * @ return string*/function fliter_html ($value) {if(Function_exists ('Htmlspecialchars'))returnHtmlspecialchars ($value);returnStr_replace (Array ("&",'"',"'","<",">"), Array ("&","\"","'","<",">"), $value);}/** * Security filtering class-underline incoming data to prevent SQL injection * Controller usage: $this->controller->fliter_sql ($value) * @param string $value Values that need to be filtered * @return string*/function Fliter_sql ($value) {$sql= Array ("Select",'Insert',"Update","Delete","\'","\/\*", "\.\.\/","\.\/","Union"," into","Load_file","outfile"); $sql _re= Array ("","","","","","","","","","","","");returnstr_replace ($sql, $sql _re, $value);}/** * Security Filter Class-Universal Data filtering * Controller in use: $this->controller->fliter_escape ($value) * @param string $value the variable to be filtered * @ return String|array*/function Fliter_escape ($value) {if(Is_array ($value)) {foreach($value as$k =$v) {$value [$k]=self::fliter_str ($v); }} Else{$value=self::fliter_str ($value);}return$value;}/** * Security Filter Class-string filter filter special have harmful characters * use method in Controller: $this->controller->fliter_str ($value) * @param string $value Values that need to be filtered * 
@return string*/function Fliter_str ($value) {$badstr= Array (" /","%00","\ r",'&',' ','"',"'","<",">"," ","%3c","%3e"); $newstr= Array ('','','','&',' ','"',''', "<", ">", "", "<", ">");$value =str_replace ($badstr, $newstr, $value); $value= Preg_replace ('/& ((# (\d{3,5}|x[a-fa-f0-9]{4}));)/','&\\1', $value);return$value;}/** * Private Road Strength Security conversion * Controller use: $this->controller->filter_dir ($fileName) * @param string $fileName * @return String*/function Filter_dir ($fileName) {$tmpname=Strtolower ($fileName); $temp= Array (':/'," /","..");if(Str_replace ($temp,'', $tmpname)!==$tmpname) { return false;}return$fileName;}/** * Filter Directory * Use method in Controller: $this->controller->filter_path ($path) * @param string $path * @return Array*/ Publicfunction Filter_path ($path) {$path= Str_replace (Array ("'",'#','=','`','$','%','&',';'),'', $path);returnRTrim (Preg_replace ('/(\ \) {2,}| (\\\) {1,}/','/', $path),'/');}/** * Filter PHP Tags * Use method in Controller: $this->controller->filter_phptag ($string) * @param string $string * @return String*/ PublicFunction Filter_phptag ($string) {returnStr_replace (Array (''), Array ('
','?>'), $string);}/** * Safe Filter Class-return function * Controller in use method: $this->controller->str_out ($value) * @param string $value The value to be filtered * @return String*/ Publicfunction Str_out ($value) {$badstr= Array ("<",">","%3c","%3e"); $newstr= Array ("<",">","<",">"); $value=str_replace ($newstr, $badstr, $value);returnStripslashes ($value);//Underline}