php 表单敏感字符过滤代码
/** * 表单生成验证文件 */ $_form = new formHtmlFind(); class formHtmlFind{ /** * 输出表单函数 * $formKey 表单键 * $infoArray 更新时的原始信息数组 */ public function formHtml( $array , $infoArray = '' ) { // 检测数组是否存在 if ( empty empty ( $array )) return false; $newform = null; // 信息数组(更新信息) $this ->infoArray = ! empty empty ( $infoArray )? $infoArray : array (); $this -> array [ 'class' ] = get_class_methods(get_class()); foreach ( $array as $key => $arr ) { // 键值转换为纯英文 $key = preg_replace( "/[^a-z]/i" , '' , $key ); // 生成表单 $newform .= $this ->outputForm( $arr , $key ); } // 输出表单 return $newform . $this ->jsError(); } /** * 生成表单函数 */ private function outputForm( $arr , $key ) { $value = null; if ( empty empty ( $arr )) return false; // input Type $type = $key ; // input NAME $name = trim( $arr [0]); // input 初始值 不包含多选,单选类 $value = (! empty empty ( $this ->infoArray[ $name ]))? trim( $this ->infoArray[ $name ]):trim( $arr [1]); $value = empty empty ( $this ->post[ $name ])? $value :trim( $this ->post[ $name ]); // input Title $title = trim( $arr [2]); // 样式 $style = trim( $arr [3]); if ( $key !== "hidden" ) { $dt = "<dt>{$title}</dt><dd>" ; // js错误提示 $dd = "<tt id=" J{ $name } "></tt></dd>rn" ; } return (!preg_match( "/checkbox|select|radio/i" , $key ))? $dt . $this ->newInput( $type , $name , $value , $style , $title ). $dd : $this ->formSelect( $type , $name , $arr [1], $title , $style ); // 多选类 } /** * 提交数据检测 */ public function postForm( $array ) { // 检测数组是否存在 if ( empty empty ( $array )|| empty empty ( $_POST )) return false; $this ->post = $_POST ; $this -> array [ 'class' ] = get_class_methods(get_class()); foreach ( $array as $key => $arr ) { // 键值转换为纯英文 $key = preg_replace( "/[^a-z]/i" , '' , $key ); // 检测 注销file类表单 if (! empty empty ( $arr )&& 'file' != $key ) $newData [trim( $arr [0])] = $this ->postFind( $arr , $key ); } // 输出表单 if (! empty empty ( $this ->error)) { return false; } else return $newData ; } /** * 生成表单 */ private function newInput( $type , $name , $value , $style , $title ) { switch ( $type ) { case 'text' : // 单行文本 return "<input type=" text " name=" { $name } " value=" { $value } " {$style}/>" ; break ; case 'password' : //密码输入 return "<input type=" password " name=" { $name } " {$style}/>" ; break ; case '' : //多行文本 return "<textarea name=" { $name } " {$style}/>{$value}</textarea>" ; break ; case 'hidden' : // 隐藏 return "<input type=" hidden " name=" { $name } " value=" { $value } " {$style}/>" ; break ; case 'file' : // 文件上传 return "<input type= " file "name=" { $name } " {$style}/>" ; break ; case 'submit' : // 提交 return "<input type=" submit " name=" { $name } " value=" $value " $style}/>" ; break ; default : return "{$type}类型错误!!!" ; break ; } } /** * 提交信息检测 * 错误返回error */ private function postFind( $arr , $key ) { if ( empty empty ( $arr )) return false; $name = $title = $error = $find = $standard =null; // input NAME $name = trim( $arr [0]); // input Title $title = trim( $arr [2]); // 错误提示 $error = trim( $arr [4]); // 检测类型 Y N $find = trim( $arr [5]); // 检测标准 $standard = trim( $arr [6]); // if (! empty empty ( $standard )) $this ->error .= $this ->ck_split( $standard , $name , $title , $find , $error ); // 转换为字符串 if ( is_array ( $this ->post[ $name ])) $this ->post[ $name ] = implode( "," , $this ->post[ $name ]); // 转义或其他转化 $KKarray = array (); if (preg_match( "/Y|N/is" , $find )) { $KKarray = split( "_" , $find ); // 转义或过滤 $escape_filter = (! empty empty ( $KKarray [1]))? 'ck_' . $KKarray [1]: '' ; // 输出通过检测的合法数据 $data = ( $escape_filter )? $this -> $escape_filter ( $this ->post[ $name ]): $this ->post[ $name ]; } else $data = "" ; // 输出新的数据 return $data ; } /** * 多选类表单生成 */ private function formSelect( $type , $name , $value , $title , $style ) { $outform = null; // 触发更新和提交动作时的初始 $nowvalue = (! empty empty ( $this ->post[ $name ]))? $this ->post[ $name ]: $this ->infoarray[ $name ]; // 兼容多选的识别,转为数组 if (! empty empty ( $nowvalue )) $valueArray = explode ( "," , $nowvalue ); // 选项标题 if ( is_array ( $title )) { array_unshift ( $title , '选择' ); $titarray = array_values ( $title ); } else $titarray = explode ( "|" , $title ); // 选项值 if ( is_array ( $value )) { array_unshift ( $value , '选择' ); $valarray = array_keys ( $value ); if ( empty empty ( $title )) $titarray = array_values ( $value ); } else $valarray = explode ( "|" , $value ); // 取消表单的初始默认值 if (! empty empty ( $this ->post)&&! empty empty ( $this ->infoArray)) $value = preg_replace( "/Y_/i" , '' , $value ); foreach ( $valarray as $key => $varl ) { // 非默认的识别 if (! empty empty ( $valueArray )) $select = (in_array( $varl , $valueArray ))? 'Y' : '' ; // 判断是否为默认 else $select = ( eregi ( "Y_" , $varl ))? 'Y' : '' ; if ( $key > '0' ) { $_title =( $titarray [ $key ])? $titarray [ $key ]: $title ; switch ( $type ) { case 'select' : if ( 'Y' == $select ) $select = 'selected' ; $outform .= sprintf( "<option %s value=" %s "/>%s</option>rn" , $select ,preg_replace( "/Y_/i" , '' , $varl ), $_title ); break ; case 'radio' : if ( 'Y' == $select ) $select = 'checked' ; $outform .= sprintf( "<label>%s<input %s type=" radio " name=" %s " value=" %s " %s/></label>rn" , $_title , $select , $name , $varl , $style ); break ; case 'checkbox' : if ( 'Y' == $select ) $select = 'checked' ; $outform .= sprintf( "<label>%s<input %s type=" checkbox " name=" %s[] " value=" %s " %s/></label>rn" , $_title , $select , $name , $varl , $style ); break ; } $select =null; } } // 下拉选择 if ( $type == 'select' ) $outform = sprintf( '<select name="%s" %s>%s</select>' , $name , $style , $outform ); return sprintf( "<dt>%s</dt><dd>%s<tt id=" J%s "></tt></dd>rn" , $titarray [0], $outform , $name ); } /** * 表单验证 及全部 ck_类函数 */ private function ck_split( $standard , $name , $title , $find , $error ) { // 非必填缺省跳过 if ( eregi ( 'N' , $find ) && empty empty ( $this ->post[ $name ])) return false; // 必填缺省检测 if ( eregi ( 'Y' , $find ) && empty empty ( $this ->post[ $name ])) return "[" J{ $name } "," $error "]," ; $t_error = null; // 多项检测 $arr = explode ( ',' , $standard ); // POST数据检测 if (! empty empty ( $arr )) foreach ( $arr as $var ) { if (trim( $var )!= '' ) { switch ( $this ->post) { case is_array ( $this ->post[ $name ]): // 数组类的检测 foreach ( $this ->post[ $name ] as $_var ) { $t_error .= ( $this ->ck_open( $_var ,trim( $var )))? "" : $error ; if ( $t_error ) break ; } break ; default : $t_error .= ( $this ->ck_open( $this ->post[ $name ],trim( $var )))? "" : $error ; break ; } if ( $t_error ) break ; } } return ( $t_error )? "[" J{ $name } "," $t_error "]," : "" ; } // 函数调用 private function ck_open( $string , $str ) { $functi = $this ->ck_detected( $str ); return ( $this -> $functi ( $string , $str ))? true:false; } // 类型判断 private function ck_detected( $str ) { $detect = ( eregi ( "^[a-zA-Z]*$" , $str ))? "{$str}Detect" : 'lengthDetect' ; if (!in_array( $detect , $this -> array [ 'class' ])) { location( 'index.php' , $ck , ' Lack of function !!!' ); } return $detect ; } //-------------------------------------以下为检测函数可外部调用 // 长度 public function lengthDetect( $string , $str ){ $len = split( '-' ,trim( $str )); return ( strlen ( $string ) > ( $len [0]-1) && strlen ( $string ) < ( $len [1]+1))? true:false; } // 价格 public function moneyDetect( $str ){ return preg_match( "/^(-|+)?d+(.d+)?$/" , $str ); } // 邮件 public function emailDetect( $str ){ return preg_match( "/^w+([-+.]w+)*@w+([-.]w+)*.w+([-.]w+)*$/" , $str ); } // 网址 public function urlDetect( $str ){ return preg_match( "/^http://[A-Za-z0-9]+.[A-Za-z0-9]+[/=?%-&_~`@[]':+!]*([^<>" ])*$/", $str ); } // 数字型 public function numDetect( $str ){ return is_numeric ( $str ); } // 中文 public function cnDetect( $str ){ return preg_match( "/^[x7f-xff]+$/" , $str ); } // 字母 public function enDetect( $str ){ return preg_match( "/^[A-Za-z]+$/" , $str ); } // 数字字母混合 public function numenDetect( $str ){ return preg_match( "/^([a-zA-Z0-9_-])+$/" , $str ); } // 电话号码 public function telDetect( $str ){ return ereg ( "^[+]?[0-9]+([xX-][0-9]+)*$" , $str ); } // 敏感词 public function keyDetect( $str ){ return (!preg_match( "/$badkey/i" , $str )); } //-----------------------------------------------------输出 // 字符替换 public function ck_filter( $str ){ $str =( is_array ( $str ))? implode( "," , $str ): $str ; $str = nl2br ( $str ); //将回车替换为<br> $str =htmlspecialchars( $str ); //将特殊字元转成 HTML 格式。 //$str=str_replace(array(" ",'<? '),array(" ",'< ?'),$str); //替换空格替换为 return $str ; } // 转义 function ck_escape( $str ) { if (!get_magic_quotes_gpc()) return addslashes ( $str ); return $str ; } // MD5加密 public function ck_md5( $str ){ return MD5( $str ); } // base64加密 public function ck_base64( $str ){ return base64_encode ( $str ); } // 时间 function ck_time( $str ){ // time_r() 来在公用函数文件 if (! is_numeric ( $str )) { return time_r( $str ); } else return $str ; } // 有条件注销(数字) public function ck_cancel( $str ){ return (! is_numeric ( $str ))? $str : "" ; } // 无条件注销 public function ck_delete(){ return null; } // js错误提示 private function jsError() { if ( empty empty ( $this ->error)) return false; return " <script language=javascript> rn var error = new Array( ".trim($this->error,',')." ); rn for (i=0; i < error.length; i++){ rn document.getElementById(error[0]).innerHTML=error[1]; }rn </script> "; } } // 演示: $form [1] = array ( 'text' => array ( 'title' , '' , '产品名称' , 'size=40' , '产品名称不可缺少!' , 'Y' , 'cn,1-30' ), 'text1' => array ( 'categories' , '' , '产品名称' , '' , '' , 'Y_base64' ), 'select' => array ( 'superiors' , '||1|2|Y_3' , '产品类别|选择|1|2|3' , '' , '必选项' , 'Y' ), 'radio' => array ( 'superiors1' , '|1|Y_2|3' , '产品xun|产品1|产品2|产品3' , '' , '必选项' , 'Y' ), 'checkbox' => array ( 'superiors2' , array (1=> '11' ,2=> '22' ,3=> '33' ), '' , '' , '必选项' , 'Y' ), 'file' => array ( 'ddd' , '' , '文件' ), ); $form = array ( 'login' => array ( 'text' => array ( 0 => 'user' , 1 => '' , 2 => '用户名' , 3 => 'size=20' , 4 => '!' , 5 => 'Y' , 6 => 'numen,6-12' , ), 'password' => array ( 0 => 'pass' , 1 => '' , 2 => '密 码' , 3 => 'size=22' , 4 => '密码格式错误!' , 5 => 'Y_md5' , 6 => 'numen,6-12' , ), 'radio' => array ( 0 => 'time' , 1 => '|7200|3600|1800' , 2 => 'cookies有效时间|2小时|1小时|30分钟' , 3 => '' , 4 => '' , 5 => 'N_delete' , 6 => '' , ), ), ); // 表单提交效验 $past = $_form ->postForm( $form [ 'login' ]); $dd = array ( 'title' => '标题' , 'categories' => '类别' ); // $dd 为已有的信息(如更新时的信息输出) POST数据位内部处理具有优先权//开源代码phpfensi测试数据 if (! empty empty ( $past )) { echo "<pre>" ; print_r( $past ); echo "</pre>" ; } echo '<form method="POST" NAME="PostTopic" action="" enctype="multipart/form-data" style="margin:0px;">' ; echo $_form ->formHtml( $form [ 'login' ], $dd ); echo '<input type="submit" value="Y" name="B1"></form>' ;查看更多关于php 表单敏感字符过滤代码 - php类库的详细内容...
声明:本文来自网络,不代表【好得很程序员自学网】立场,转载请注明出处:http://www.haodehen.cn/did29533