
post get 等过滤

<?php
 
/**
 * Runs every element of an array through safe_func().
 *
 * Keys are kept; only the values are replaced. The array is processed one
 * level deep: each value is handed to safe_func() as it is.
 *
 * @param array $arr values to clean
 * @return array the same keys with cleaned values
 */
function safe_func_array($arr)
{
    $cleaned = $arr;
    foreach ($arr as $name => $item) {
        $cleaned[$name] = safe_func($item);
    }

    return $cleaned;
}
 
 
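/**
 * Removes the characters \ $ % ^ & * < > from a value.
 *
 * The string "0" is returned unchanged. The previous `empty()` test treated
 * "0" as empty and replaced it with '', silently dropping a valid value.
 *
 * NOTE(review): this strips a fixed character list and is not aware of where
 * the value is used. Output that reaches HTML or SQL still needs the encoding
 * or parameter binding of that context. Confirm at the call sites.
 *
 * @param mixed $str value to clean (string, or array of strings)
 * @return mixed the cleaned value; '' for null, false or an empty array
 */
function safe_func($str)
{
    // Nothing to strip; also avoids passing null to str_replace().
    if ($str === null || $str === false) {
        return '';
    }

    $blocked = array("\\", '$', '%', '^', '&', '*', '<', '>');
    $stripped = str_replace($blocked, '', $str);

    // Keep the original normalisation of an empty array to ''.
    if ($stripped === array()) {
        return '';
    }

    return $stripped;
}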
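/**
 * Removes backslashes, single quotes and double quotes from a value.
 *
 * The string "0" is returned unchanged. The previous `empty()` test treated
 * "0" as empty and replaced it with ''.
 *
 * Only those three characters are removed. Forward slashes and ".." segments
 * pass through untouched, so this function alone does not keep a path inside
 * a directory. Callers that build filesystem paths need a separate check,
 * such as resolving the path and comparing it against the allowed base.
 *
 * @param mixed $str value to clean (string, or array of strings)
 * @return mixed the cleaned value; '' for null, false or an empty array
 */
function safe_func_path($str)
{
    // Nothing to strip; also avoids passing null to str_replace().
    if ($str === null || $str === false) {
        return '';
    }

    $blocked = array("\\", "'", '"');
    $stripped = str_replace($blocked, '', $str);

    // Keep the original normalisation of an empty array to ''.
    if ($stripped === array()) {
        return '';
    }

    return $stripped;
}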
 
/**
 * Reads one query-string value through safe_core().
 *
 * @param string $varname key to look up in $_GET
 * @param string $vartype type name handed to safe_core(); 'str' by default
 * @return mixed whatever safe_core() returns for that key
 */
function safe_get($varname, $vartype = 'str')
{
    $source = $_GET;

    return safe_core($source, $varname, $vartype);
}
/**
 * Reads one form-body value through safe_core().
 *
 * @param string $varname key to look up in $_POST
 * @param string $vartype type name handed to safe_core(); 'str' by default
 * @return mixed whatever safe_core() returns for that key
 */
function safe_post($varname, $vartype = 'str')
{
    $source = $_POST;

    return safe_core($source, $varname, $vartype);
}
/**
 * Reads one cookie value through safe_core().
 *
 * @param string $varname key to look up in $_COOKIE
 * @param string $vartype type name handed to safe_core(); 'str' by default
 * @return mixed whatever safe_core() returns for that key
 */
function safe_cookie($varname, $vartype = 'str')
{
    $source = $_COOKIE;

    return safe_core($source, $varname, $vartype);
}
/**
 * Backslash-escapes backslashes and single quotes in a value.
 *
 * Backslashes are doubled first, then each single quote gets a leading
 * backslash. Double quotes and every other character are left as they are.
 *
 * NOTE(review): if the result is concatenated into SQL, this hand-written
 * escaping does not replace bound parameters. Confirm how callers use it.
 *
 * @param mixed $val value to escape (string, or array of strings)
 * @return mixed the escaped value
 */
function safe_var($val)
{
    // str_replace() applies the pairs in order, matching the two-step original.
    $search = array("\\", "'");
    $replacement = array("\\\\", "\\'");

    return str_replace($search, $replacement, $val);
}
//安全变量
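/**
 * Fetches one value from a request array, screens it with filterArr() and
 * returns it converted according to $vartype.
 *
 * Changes from the earlier version:
 *  - The get_magic_quotes_gpc() early return is gone. That function was
 *    removed in PHP 8.0, so calling it is a fatal error there. On older
 *    setups the early return skipped both the integer cast and the < >
 *    encoding below.
 *  - A missing key is read as null instead of raising an undefined-index
 *    notice. The result is still 0 for 'int' and '' for 'str'/'string'.
 *  - The stray write to $arr[$key] was dropped, since $key was never defined.
 *  - An unknown $vartype returns null explicitly, where before it read an
 *    undefined variable.
 *
 * Only < and > are encoded. Quotes and & are returned as received, so the
 * result is not ready for an HTML attribute or for SQL.
 * NOTE(review): encode at output time for the target context (for HTML,
 * htmlspecialchars() with ENT_QUOTES) and use bound parameters for queries.
 *
 * @param array  $arr     source array, e.g. $_GET, $_POST or $_COOKIE
 * @param string $varname key to read
 * @param string $vartype 'int', 'str' or 'string'
 * @return mixed int for 'int'; encoded string (or array) for 'str'/'string';
 *               null for any other $vartype
 */
function safe_core( $arr , $varname , $vartype )
{
    $raw = isset($arr[$varname]) ? $arr[$varname] : null;

    // Ends the request via exit() when the value contains a blocked keyword.
    filterArr($raw);

    if ($vartype == 'int') {
        return intval($raw);
    }

    if ($vartype == 'str' || $vartype == 'string') {
        if ($raw === null) {
            return '';
        }

        return str_replace(array('<', '>'), array('&lt;', '&gt;'), $raw);
    }

    return null;
}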
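/**
 * Safe array: screens an array with filterArr() and encodes < and > in each
 * element. Elements are assumed to be strings by default.
 *
 * The get_magic_quotes_gpc() early return was removed. That function no
 * longer exists in PHP 8.0 and later, so calling it is a fatal error there.
 * On older setups the early return handed the array back without encoding.
 *
 * Only < and > are encoded. Quotes and & are left as received.
 * NOTE(review): encode at output time for the target context and use bound
 * parameters for queries. This function does not cover either case.
 *
 * @param array $arr values to screen and encode
 * @return array the same keys with < and > replaced by &lt; and &gt;
 */
function safe_array($arr)
{
    // Ends the request via exit() when any value contains a blocked keyword.
    filterArr($arr);

    foreach ($arr as $key => $val) {
        $arr[$key] = str_replace(array('<', '>'), array('&lt;', '&gt;'), $val);
    }

    return $arr;
}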
 
/**
 * Walks a value (recursing into arrays) and ends the request when a scalar
 * contains one of the whole words select, union, update, insert, or, delete
 * (case-insensitive).
 *
 * Only array values are visited; array keys are not inspected. The word list
 * includes the ordinary English word "or", so plain text containing it is
 * rejected as well.
 *
 * NOTE(review): a keyword denylist is not a dependable defence for values
 * that reach SQL. Bound parameters at the query are the control to rely on.
 * Confirm how callers build their queries.
 *
 * @param mixed $parameter scalar or (nested) array to screen
 * @return void returns normally when nothing matched; otherwise calls exit()
 */
function filterArr($parameter)
{
    if (is_array($parameter)) {
        foreach ($parameter as $item) {
            filterArr($item);
        }
        return;
    }

    if (!preg_match("#\b(select|union|update|insert|or|delete)\b#i", $parameter)) {
        return;
    }

    // "@" hides the warning header() raises when output has already started.
    @header("content-type:text/html;charset=gbk");
    exit('涉及非法关键字!');
}