php表单敏感字符过滤类_php技巧

本文实例讲述了php表单敏感字符过滤类及其用法。分享给大家供大家参考。具体分析如下:

复制代码 代码如下:

/**
* 表单生成验证文件
*/
$_form = new formHtmlFind();
class formHtmlFind{
        /**
         * 输出表单函数
         * $formKey  表单键
         * $infoArray 更新时的原始信息数组
         */
 
        public function formHtml($array,$infoArray='')
        {
                // 检测数组是否存在
                if(emptyempty($array))return false;
                $newform = null;
                // 信息数组(更新信息)
                $this->infoArray = !emptyempty($infoArray)?$infoArray:array();
                $this->array['class'] =  get_class_methods(get_class());
                foreach ($array as $key =>$arr)
                {
                        // 键值转换为纯英文
                        $key = preg_replace("/[^a-z]/i",'',$key);
                        // 生成表单
                        $newform .= $this->outputForm($arr,$key);
                }
                // 输出表单
                return $newform.$this->jsError();
        }
        /**
         * 生成表单函数
         */
        private function outputForm($arr,$key)
        {
                $value = null;
                if(emptyempty($arr))return false;
                // input Type
                $type   = $key;
                // input NAME
                $name   = trim($arr[0]);
                // input 初始值 不包含多选,单选类
                $value  = (!emptyempty($this->infoArray[$name]))? trim($this->infoArray[$name]):trim($arr[1]);
                $value  = emptyempty($this->post[$name])? $value :trim($this->post[$name]);
                // input Title
                $title  = trim($arr[2]);
                // 样式
                $style  = trim($arr[3]);
                if($key!=="hidden")
                {
                        $dt = "<dt>{$title}</dt><dd>";
                        // js错误提示
                        $dd = "<tt id="J{$name}"></tt></dd>rn";
                }
                return (!preg_match("/checkbox|select|radio/i",$key))?
                $dt.$this->newInput($type,$name,$value,$style,$title).$dd:
                $this->formSelect($type,$name,$arr[1],$title,$style); // 多选类
        }
        /**
         * 提交数据检测
         */
        public function postForm($array)
        {
                // 检测数组是否存在
                if(emptyempty($array)||emptyempty($_POST))return false;
                $this->post           =  $_POST;
                $this->array['class'] =  get_class_methods(get_class());
                foreach ($array as $key =>$arr)
                {
                        // 键值转换为纯英文
                        $key = preg_replace("/[^a-z]/i",'',$key);
                        // 检测 注销file类表单
                        if (!emptyempty($arr)&&'file' != $key)$newData[trim($arr[0])] = $this->postFind($arr,$key);
                }
                // 输出表单
                if(!emptyempty($this->error))
                {
                        return false;
                }
                else return $newData;
        }
        /**
         * 生成表单
         */
        private function newInput($type,$name,$value,$style,$title)
        {
                switch ($type)
                {
                        case 'text':
                                // 单行文本
                                return  "<input type="text" name="{$name}" value="{$value}" {$style}/>";
                                break;
                        case 'password':
                                //密码输入
                                return "<input type="password" name="{$name}" {$style}/>";
                                break;
                        case '':
                                //多行文本
                                return "<textarea name="{$name}" {$style}/>{$value}</textarea>";
                                break;
                        case 'hidden':
                                // 隐藏
                                return "<input type="hidden" name="{$name}" value="{$value}" {$style}/>";
                                break;
                        case 'file':
                                // 文件上传
                                return "<input type= "file"name="{$name}" {$style}/>";
                                break;
                        case 'submit':
                                // 提交
                                return "<input type="submit" name="{$name}" value="$value" $style}/>";
                                break;
                        default:
                                return "{$type}类型错误!!!";
                                break;
                }
        }
        /**
         * 提交信息检测
         * 错误返回error
         */
        private function postFind($arr,$key)
        {
                if(emptyempty($arr))return false;
                $name = $title =$error =$find =$standard =null;
                // input NAME
                $name     = trim($arr[0]);
                // input Title
                $title    = trim($arr[2]);
                // 错误提示
                $error    = trim($arr[4]);
                // 检测类型 Y N
                $find     = trim($arr[5]);
                // 检测标准
                $standard = trim($arr[6]);
                //
                if(!emptyempty($standard))$this->error .=$this->ck_split($standard,$name,$title,$find,$error);
                // 转换为字符串
                if(is_array($this->post[$name]))$this->post[$name] = implode(",",$this->post[$name]);
                // 转义或其他转化
                $KKarray = array();
                if(preg_match("/Y|N/is",$find))
                {
                        $KKarray       = split("_", $find);
                        // 转义或过滤
                        $escape_filter = (!emptyempty($KKarray[1]))?'ck_'.$KKarray[1]:'';
                        // 输出通过检测的合法数据
                        $data          = ($escape_filter)?$this->$escape_filter($this->post[$name]):$this->post[$name];
 
                }
                else  $data        = "";
                // 输出新的数据
                return $data;
        }
        /**
         * 多选类表单生成
         */
        private function formSelect($type,$name,$value,$title,$style)
        {
                $outform = null;
                // 触发更新和提交动作时的初始
                $nowvalue = (!emptyempty($this->post[$name]))?$this->post[$name]:$this->infoarray[$name];
                // 兼容多选的识别,转为数组
                if(!emptyempty($nowvalue))$valueArray = explode(",",$nowvalue);
                // 选项标题
                if(is_array($title))
                {
                        array_unshift($title,'选择');
                        $titarray = array_values($title);
                }else $titarray = explode("|",$title);
                // 选项值
                if(is_array($value))
                {
                        array_unshift($value,'选择');
                        $valarray  = array_keys($value);
                        if(emptyempty($title))$titarray = array_values($value);
                }
                else $valarray = explode("|",$value);
                // 取消表单的初始默认值
                if(!emptyempty($this->post)&&!emptyempty($this->infoArray))$value = preg_replace("/Y_/i",'',$value);
 
                foreach ($valarray as $key =>$varl)
                {
                        // 非默认的识别
                        if(!emptyempty($valueArray))$select   = (in_array($varl,$valueArray))?'Y':'';
                        //  判断是否为默认
                        else $select   = (eregi("Y_",$varl))? 'Y':'';
 
                        if($key >'0')
                        {
                                $_title=($titarray[$key])? $titarray[$key]:$title;
                                switch ($type)
                                {
                                        case 'select':
                                                if('Y' == $select)$select = 'selected';
                                                $outform .=        sprintf("<option %s value="%s"/>%s</option>rn"
                                                ,$select,preg_replace("/Y_/i",'',$varl),$_title);
                                                break;
                                        case 'radio':
                                                if('Y' == $select)$select = 'checked';
                                                $outform .= sprintf("<label>%s<input %s type="radio" name="%s" value="%s" %s/></label>rn",
                                                $_title,$select,$name,$varl,$style);
                                                break;
                                        case 'checkbox':
                                                if('Y' == $select)$select = 'checked';
                                                $outform .= sprintf("<label>%s<input %s type="checkbox" name="%s[]" value="%s" %s/></label>rn",$_title,$select,$name,$varl,$style);
                                                break;
                                }
                                $select =null;
                        }
                }
                // 下拉选择
                if($type =='select')$outform = sprintf('<select name="%s" %s>%s</select>',$name,$style,$outform);
                return sprintf("<dt>%s</dt><dd>%s<tt id="J%s"></tt></dd>rn",$titarray[0],$outform,$name);
        }
        /**
         * 表单验证 及全部 ck_类函数
         */
        private function ck_split($standard,$name,$title,$find,$error)
        {
                //  非必填缺省跳过
                if(eregi('N',$find) && emptyempty($this->post[$name]))return false;
                // 必填缺省检测
                if(eregi('Y',$find) && emptyempty($this->post[$name]))return "["J{$name}","$error"],";
                $t_error = null;
                // 多项检测
                $arr = explode(',',$standard);
                // POST数据检测
                if(!emptyempty($arr))foreach ($arr as $var)
                {
                        if(trim($var)!='')
                        {
                                switch ($this->post)
                                {
                                        case is_array($this->post[$name]):
                                                // 数组类的检测
                                                foreach ($this->post[$name] as $_var)
                                                {
                                                        $t_error.= ($this->ck_open($_var,trim($var)))?"":$error;
                                                        if($t_error)break;
                                                }
                                                break;
                                        default:
                                                $t_error.= ($this->ck_open($this->post[$name],trim($var)))?"":$error;
                                                break;
                                }
                                if($t_error)break;
                        }
                }
                return ($t_error)? "["J{$name}","$t_error"],":"";
        }
        // 函数调用
        private function ck_open($string,$str)
        {
                $functi = $this->ck_detected($str);
                return ($this->$functi($string,$str))? true:false;
        }
        // 类型判断
        private function ck_detected($str)
        {
                $detect = (eregi("^[a-zA-Z]*$",$str))? "{$str}Detect":'lengthDetect';
                if(!in_array($detect,$this->array['class']))
                {
                        location('index.php',$ck,' Lack of function !!!');
                }
                return $detect;
        }
        //-------------------------------------以下为检测函数可外部调用
        // 长度
        public function lengthDetect($string,$str){
                $len = split('-',trim($str));
                return (strlen($string) > ($len[0]-1) && strlen($string) < ($len[1]+1))? true:false;
        }
        // 价格
        public function moneyDetect($str){
                return preg_match("/^(-|+)?d+(.d+)?$/",$str);
        }
        // 邮件
        public function emailDetect($str){
                return preg_match("/^w+([-+.]w+)*@w+([-.]w+)*.w+([-.]w+)*$/", $str);
        }
        // 网址
        public function urlDetect($str){
                return preg_match("/^http://[A-Za-z0-9]+.[A-Za-z0-9]+[/=?%-&_~`@[]':+!]*([^<>"])*$/", $str);
        }
        // 数字型
        public function numDetect($str){
                return is_numeric($str);
        }
        // 中文
        public function cnDetect($str){
                return preg_match("/^[x7f-xff]+$/", $str);
        }
        // 字母
        public function enDetect($str){
                return preg_match("/^[A-Za-z]+$/", $str);
        }
        // 数字字母混合
        public function numenDetect($str){
                return preg_match("/^([a-zA-Z0-9_-])+$/",$str);
        }
        // 电话号码
        public function telDetect($str){
                return ereg("^[+]?[0-9]+([xX-][0-9]+)*$", $str);
        }
        // 敏感词
        public function keyDetect($str){
                return (!preg_match("/$badkey/i",$str));
        }
        //-----------------------------------------------------输出
        // 字符替换
        public function ck_filter($str){
                $str=(is_array($str))? implode(",",$str):$str;
                $str=nl2br($str); //将回车替换为<br>
                $str=htmlspecialchars($str); //将特殊字元转成 HTML 格式。
                //$str=str_replace(array(" ",'<? '),array(" ",'< ?'),$str); //替换空格替换为
                return $str;
        }
        // 转义
        function ck_escape($str)
        {
                if (!get_magic_quotes_gpc())return addslashes($str);
                return $str;
        }
        // MD5加密
        public function ck_md5($str){
                return  MD5($str);
        }
        // base64加密
        public function ck_base64($str){
                return  base64_encode($str);
        }
        // 时间
        function ck_time($str){
                // time_r() 来在公用函数文件
                if(!is_numeric($str))
                {
                        return time_r($str);
                }
                else return $str;
        }
        // 有条件注销(数字)
        public function ck_cancel($str){
                return (!is_numeric($str))? $str:"";
        }
        // 无条件注销
        public function ck_delete(){
                return null;
        }
        // js错误提示
        private function jsError()
        {
                if(emptyempty($this->error))return false;
                return  "
                <script  language=javascript> rn var error = new Array(".trim($this->error,',').");
                        rn for (i=0; i < error.length; i++){
                        rn document.getElementById(error[0]).innerHTML=error[1];
                         }rn </script>
                ";
        }
}
 
// 演示:
$form[1] =array(
'text'=>array('title','','产品名称','size=40','产品名称不可缺少!','Y','cn,1-30'),
'text1'=>array('categories','','产品名称','','','Y_base64'),
'select'=>array('superiors','||1|2|Y_3','产品类别|选择|1|2|3','','必选项','Y'),
'radio'=>array('superiors1','|1|Y_2|3','产品xun|产品1|产品2|产品3','','必选项','Y'),
'checkbox'=>array('superiors2',array(1=>'11',2=>'22',3=>'33'),'','','必选项','Y'),
'file'=>array('ddd','','文件'),
);
$form =array (
  'login' => 
  array (
    'text' => 
    array (
      0 => 'user',
      1 => '',
      2 => '用户名',
      3 => 'size=20',
      4 => '!',
      5 => 'Y',
      6 => 'numen,6-12',
    ),
    'password' => 
    array (
      0 => 'pass',
      1 => '',
      2 => '密 码',
      3 => 'size=22',
      4 => '密码格式错误!',
      5 => 'Y_md5',
      6 => 'numen,6-12',
    ),
    'radio' => 
    array (
      0 => 'time',
      1 => '|7200|3600|1800',
      2 => 'cookies有效时间|2小时|1小时|30分钟',
      3 => '',
      4 => '',
      5 => 'N_delete',
      6 => '',
    ),
  ),
  );
 
// 表单提交效验
$past = $_form->postForm($form['login']);
$dd = array('title'=>'标题','categories'=>'类别');
// $dd 为已有的信息(如更新时的信息输出) POST数据位内部处理具有优先权
if(!emptyempty($past))
{
        echo "<pre>";
        print_r($past);
        echo"</pre>";
}
echo '<form method="POST" NAME="PostTopic" action="" enctype="multipart/form-data" style="margin:0px;">';
echo $_form->formHtml($form['login'],$dd);
echo '<input type="submit" value="Y" name="B1"></form>';

希望本文所述对大家的PHP程序设计有所帮助。

时间: 2024-10-03 17:18:06

php表单敏感字符过滤类_php技巧的相关文章

php 表单敏感字符过滤代码

php 表单敏感字符过滤代码 /** * 表单生成验证文件 */ $_form = new formHtmlFind(); class formHtmlFind{         /**          * 输出表单函数          * $formKey  表单键          * $infoArray 更新时的原始信息数组          */         public function formHtml($array,$infoArray='')         {    

防止MySQL注入或HTML表单滥用的PHP程序_php技巧

MySQL注入的意图是接管网站数据库并窃取信息.常见的开源数据库,如MySQL,已经被许多网站开发人员用来储存重要信息,如密码,个人信息和管理信息. MySQL之所以流行,是因为它与最流行的服务器端脚本语言PHP一起使用.而且,PHP是主导互联网的Linux- Apache服务器的主要语言.因此,这意味着黑客可以很容易地利用PHP就像Windows的间谍软件一样. 黑客向一个无担保的网页表单输入大量恶意代码(通过下拉菜单,搜索框,联系表单,查询表单和复选框). 恶意代码将被送到MySQL数据库,

php文件上传表单摘自drupal的代码_php技巧

drupal文件上传表单的例子 复制代码 代码如下: function upload_form() { $form = array(); // If this #attribute is not present, upload will fail on submit $form['#attributes']['enctype'] = 'multipart/form-data'; $form['file_upload'] = array( '#title' => t('Upload file'),

PHP使用token防止表单重复提交的方法_php技巧

本文实例讲述了PHP使用token防止表单重复提交的方法.分享给大家供大家参考,具体如下: <?php /* * PHP使用token防止表单重复提交 * 此处理方法纯粹是为了给初学者参考 */ session_start(); function set_token() { $_SESSION['token'] = md5(microtime(true)); } function valid_token() { $return = $_REQUEST['token'] === $_SESSION

解决php表单重复提交实现方法_php技巧

重复提交是我们开发中会常碰到的一个问题,除了我们使用js来防止表单的重复提交,同时还可以使用php来防止重复提交哦. <?php /* * php中如何防止表单的重复提交 */ session_start(); if (empty($_SESSION['ip'])) {//第一次写入操作,判断是否记录了IP地址,以此知道是否要写入数据库 $_SESSION['ip'] = $_SERVER['REMOTE_ADDR']; //第一次写入,为后面刷新或后退的判断做个铺垫 //...........

php+html5使用FormData对象提交表单及上传图片的方法_php技巧

本文实例讲述了php+html5使用FormData对象提交表单及上传图片的方法.分享给大家供大家参考.具体分析如下: FormData 对象,可以把form中所有表单元素的name与value组成一个queryString,提交到后台.在使用Ajax提交时,使用FormData对象可以减少拼接queryString的工作量. 使用FormData对象 1.创建一个FormData空对象,然后使用append方法添加key/value 复制代码 代码如下: var formdata = new

基于PHP+Ajax实现表单验证的详解_php技巧

一,利用键盘响应,在不刷新本页面的情况下验证表单输入是否合法用户通过onkeydown和onkeyup事件来触发响应事件.使用方法和onclick事件类似.onkeydown表示当键盘上的键被按下时触发,onkeyup和它正好相反,当键盘上的键被按下又抬起时触发.两种常用调用方法:(1)将事件添加到页面元素中,当用户输入完信息后,单击任意键,onkeydown事件被触发,并调用refer()函数.这种方法最简单,最直接,格式如下: 复制代码 代码如下: <script type="text

ThinkPHP 防止表单重复提交的方法_php技巧

然而有一种情况,是防止不了的: 用户提交表单以后,点击浏览器后退按钮返回表单页面,这个时候浏览器会直接从缓存中取出页面,因此token验证一定是通不过的. 网上有许多种办法可以绕过这个问题,比如用location.replace()方法来替换当前历史记录,但是这样仍然有瑕疵.极端的情况,若用户在页面间切换多次,那么多点几次后退按钮很可能又回到了上一个表单页面. 解决办法是在http头中设置Cache-Control: no-cache, no-store.然而我尝试了无论是在页面head中添加

PHP更新购物车数量(表单部分/PHP处理部分)_php技巧

表单部分: 复制代码 代码如下: <form action="?action=edit_num" method="post" name="car<?php $c_rs['id'];?>" id="car<?php $c_rs['id'];?>"> <input name="suliang[<?php echo $c_rs['sp_id'];?>]" ty