PHP 接受提交变量过滤类
Filter.class.php :
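<?php

/**
 * Blacklist-style filter for values taken from submitted request variables.
 *
 * Every method is a thin wrapper around preg_replace() that deletes or
 * rewrites substrings. None of the methods makes a value safe for a specific
 * output context: SQL still needs prepared statements with bound parameters,
 * and HTML output still needs htmlspecialchars() at the point of output.
 * filterString() and filterContent() remove bare keyword substrings, so they
 * also mangle ordinary words that contain one ("settings" loses "set").
 */
class Filter
{
    /**
     * Convert "\n" into "<br />" (wrapper around the builtin nl2br()).
     *
     * @param string $string Text to convert
     * @return string
     */
    public static function nl2br($string)
    {
        return nl2br($string);
    }

    /**
     * Convert "<br>", "<br/>" and "<br />" into "\n".
     *
     * "<br />" is included so that the output of self::nl2br(), which emits
     * the spaced form, is recognised as well.
     *
     * @param string $string Text to convert
     * @return string
     */
    public static function br2nl($string)
    {
        $tags = array('<br>', '<br/>', '<br />');

        return str_replace($tags, "\n", $string);
    }

    /**
     * Collapse every run of consecutive whitespace characters into one.
     *
     * Each whitespace character that is followed by another whitespace
     * character is deleted, so the last character of a run survives.
     *
     * @param string $string Text to convert
     * @return string
     */
    public static function mergeSpaces($string)
    {
        // The original replacement "\\1" referred to a capture group the
        // pattern does not have and so expanded to "" anyway; say so directly.
        return preg_replace('/\s(?=\s)/', '', $string);
    }

    /**
     * Strip the given characters from the start and the end of a string.
     *
     * $char_list is turned into a regex character class: '^', '-', ']' and
     * '\' are escaped so they are literal, and a doubled backslash in the
     * input collapses back to a single one, which is what lets the default
     * "\\s" reach the pattern as the whitespace escape \s.
     *
     * @param string $string    Text to trim
     * @param string $char_list Characters to strip (default: whitespace)
     * @return string
     */
    public static function trim($string, $char_list = '\\\\s')
    {
        $chars = preg_replace(
            array('/[\^\-\]\\\]/S', '/\\\{4}/S', '/\//'),
            array('\\\\\\0', '\\', '\/'),
            $char_list
        );

        // The trailing alternative is anchored with '$'. Without the anchor
        // "[...]*" matched at every position and stripped the characters
        // from the middle of the string as well, not only from its end.
        $pattern = '^[' . $chars . ']*|[' . $chars . ']*$';

        return preg_replace("/$pattern/sSD", '', $string);
    }

    /**
     * Remove <script> blocks and all whitespace, and turn "'" into "’".
     *
     * Only a complete "<script ...>...</script>" pair is matched; the result
     * is not HTML-safe and still has to be escaped on output.
     *
     * @param string $string Text to filter
     * @return string
     */
    public static function filterSpecial($string)
    {
        $search = array(
            "'<script[^>]*?>.*?</script>'si", // script blocks
            "'([\r\n\s])'",                   // every whitespace character
            "'(\')'",                         // ASCII single quote
        );
        $replace = array('', '', '’');

        return preg_replace($search, $replace, $string);
    }

    /**
     * Remove <script> blocks, every HTML tag and all whitespace, and turn
     * "'" into "’".
     *
     * @param string $string Text to filter
     * @return string
     */
    public static function filterHtml($string)
    {
        $search = array(
            "'<script[^>]*?>.*?</script>'si", // script blocks
            "'<[\/\!]*?[^<>]*?>'si",          // any HTML tag
            "'([\r\n\s])'",                   // every whitespace character
            "'(\')'",                         // ASCII single quote
        );
        $replace = array('', '', '', '’');

        return preg_replace($search, $replace, $string);
    }

    /**
     * Aggressive blacklist filter for short request values.
     *
     * Deletes <script> blocks, HTML tags, all whitespace, the &lt;/&gt;
     * entities, "'", "<", ">", backslashes and, case-insensitively, every
     * occurrence of the listed SQL/shell keywords as bare substrings. The
     * keyword rules are applied in array order, and because they match inside
     * words the output is lossy for legitimate text ("master", "chr", "exe",
     * "set" and "sele" are all removed wherever they appear).
     *
     * @param string $string Text to filter
     * @return string
     */
    public static function filterString($string)
    {
        $search = array(
            "'<script[^>]*?>.*?</script>'si",
            "'<[\/\!]*?[^<>]*?>'si",
            "'[\r\n]|[\s]+'",
            "'&(lt|#60);'i",
            "'\''",
            "'&(gt|#62);'i",
            "'[<]|[>]'",
            "'delete'i",
            "'update'i",
            "'sele'i",
            "'insert'i",
            "'into'i",
            "'where'i",
            "'set'i",
            "'from'i",
            "'script'i",
            "'value'i",
            "'exe'i",
            "'localgroup'i",
            "'chr'i",
            "'truncate'i",
            "'sysobjects'i",
            "'syscolumns'i",
            "'master'i",
            "'/add'i",
            "'cmdshell'i",
            "'drop'i",
            "'\\\'",
        );

        // One replacement string is applied to every pattern.
        return preg_replace($search, '', $string);
    }

    /**
     * Blacklist filter for longer content.
     *
     * Same keyword list as filterString() (minus "script", and in a slightly
     * different order), but keeps whitespace, HTML tags and "<" / ">". The
     * same caveat applies: keywords are removed as bare substrings, so
     * ordinary words containing them are altered.
     *
     * @param string $string Text to filter
     * @return string
     */
    public static function filterContent($string)
    {
        $search = array(
            "'<script[^>]*?>.*?</script>'si", // script blocks
            "'\''",
            "'&(lt|#60);'i",
            "'&(gt|#62);'i",
            "'delete'i",
            "'update'i",
            "'into'i",
            "'where'i",
            "'set'i",
            "'sele'i",
            "'insert'i",
            "'from'i",
            "'value'i",
            "'exe'i",
            "'localgroup'i",
            "'chr'i",
            "'truncate'i",
            "'sysobjects'i",
            "'syscolumns'i",
            "'master'i",
            "'/add'i",
            "'cmdshell'i",
            "'drop'i",
            "'\\\'",
        );

        return preg_replace($search, '', $string);
    }

    /**
     * Remove opening and closing <span> and <div> tags (attributes included)
     * from rich-text editor output; the text between them is kept.
     *
     * @param string $string Editor HTML to clean
     * @return string
     */
    public static function filterEditor($string)
    {
        $search = array(
            "'<[\/\!]*?span[^<>]*?>'si", // span tags
            "'<[\/\!]*?div[^<>]*?>'si",  // div tags
        );

        return preg_replace($search, '', $string);
    }
}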
//php 页面调用
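pc_base::load_app_class('Filter', 'user');

// A request parameter can arrive as an array instead of a string; only a
// non-empty string is handed to the filter, everything else becomes ''.
// Note that filterString() also deletes all whitespace and bare keyword
// substrings ("set", "chr", ...), so the stored value may differ from what
// the user typed.
$wxid = '';
if (isset($_REQUEST['wxid']) && is_string($_REQUEST['wxid']) && !empty($_REQUEST['wxid'])) {
    $wxid = Filter::filterString($_REQUEST['wxid']);
}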