Generally, PHP receives user data in the following ways: form data submitted by POST and query parameters passed by GET in the address bar. Whichever path the data takes, the data the user enters cannot be trusted, and the program must filter all of it. Common data filtering is shown below.
Generally, PHP receives user data in the following ways: form data submitted by POST and query parameters passed by GET in the address bar. Whichever path the data takes, the data the user enters cannot be trusted, and the program must filter all of it. The following describes common data filtering functions.
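/**
 * Collect $_GET, $_POST and $_COOKIE into one array, passing every key through
 * filter_key() and every value through filter_value(), then unset the raw
 * superglobals so the rest of the script can only reach the filtered copy.
 *
 * The sources are merged in the order GET, POST, COOKIE, and a later source
 * overwrites an earlier one under the same key: a cookie named like a form
 * field replaces the POSTed value. Code that must know where a value came
 * from cannot use this function.
 *
 * Only two levels of nesting are walked; a value nested deeper than
 * $_X[$k][$k1] reaches filter_value() as an array. Note also that, per the
 * comment on filter_value() below, that function returns a value unfiltered
 * when the request carries an "html" field, so the array returned here is
 * only as clean as filter_value() makes it.
 *
 * The listing this is rebuilt from omits several lines (it shows no
 * `return`); `return $return;` is assumed here so callers get the result.
 *
 * @return array filtered input, keyed by filtered parameter name
 */
function initUserInput()
{
    // Initialised up front so an empty request returns array(), not null.
    $return = array();
    $sources = array($_GET, $_POST, $_COOKIE);
    foreach ($sources as $input) {
        if (!is_array($input)) {
            continue;
        }
        foreach ($input as $k => $v) {
            $k = filter_key($k);
            if (is_array($v)) {
                foreach ($v as $k1 => $v1) {
                    $k1 = filter_key($k1);
                    $return[$k][$k1] = filter_value($v1);
                }
            } else {
                $return[$k] = filter_value($v);
            }
        }
    }
    // Drop the raw superglobals after copying, as the original listing does.
    unset($_GET, $_POST, $_COOKIE);
    return $return;
}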
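/**
 * Filter a key of a superglobal array, i.e. a parameter name from the query
 * string, a form field name or a cookie name.
 *
 * The result contains only letters, digits, underscore, dot and hyphen. The
 * earlier steps (removing ".." and "__..._" sequences) are kept from the
 * original listing as defence in depth; the final character whitelist is the
 * control that actually bounds the output.
 *
 * Changes from the listing: strpos() results are compared with !== false,
 * because a key that *starts* with ".." or "__" makes strpos() return 0, which
 * `!= false` treated as "not found" and let through; ".." is removed in a loop,
 * because a single str_replace() turns "...." into ".."; and the final
 * preg_replace('/^([\w.\-_]+)$/', '\1', ...) of the listing is replaced, since
 * it returned the key unchanged whenever it did not match and so rejected
 * nothing.
 *
 * @param string|int $key raw key (PHP turns numeric-string keys into ints)
 * @return string filtered key; "" when nothing allowed remains
 */
function filter_key($key)
{
    // foreach over $_GET etc. yields int keys for numeric names; work on text.
    $key = (string) $key;
    if ($key === '') {
        return '';
    }

    // Remove '..' so a key cannot spell a parent-directory reference; loop
    // until none is left, otherwise 'a....b' would collapse to 'a..b'.
    while (strpos($key, '..') !== false) {
        $key = str_replace('..', '', $key);
    }

    // Strip names shaped like magic constants / magic methods. The pattern is
    // taken as rendered in the listing; its original may have ended in '__'
    // rather than '_' — confirm against the source.
    if (strpos($key, '__') !== false) {
        $key = preg_replace('/__(?:.+?)_/', '', $key);
    }

    // Whitelist: keep only word characters, '.' and '-'; everything else goes.
    return preg_replace('/[^\w.\-]/', '', $key);
}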
Functionfilter_value ($ val) |
| 58 |
// When an html field exists in the form, it indicates that the pure html code is required and does not need to be filtered. |
| 59 |
If ($ _ REQUEST ['HTML ']) |
| 63 |
If (is_numeric ($ val )) |
| 67 |
Elseif (empty ($ val )) |
| 69 |
Returnis_array ($ val )? Array ():''; |
| 71 |
// Filter javascript code |
| 72 |
$ Val = preg_replace ("/ |