数据过滤、格式化用户输入 php札记
日期:2014-05-17 浏览次数:20354 次
数据过滤、格式化用户输入 php笔记
1.过滤
abstract class Filter{
protected $blackstr = array();
protected $whitestr = array();
abstract function filtit($str);
}
//过滤用户名的特殊符号
class LoginFilter extends Filter {
function filtit($str){
$this->blackstr = array("/[\x7f-\xff]/","/\W/");
return preg_replace($this->blackstr,"",$str);
}
}
//对输入的文本框内容过滤
class EditFilter extends Filter {
function filtit($str){
$this->blackstr = array("/\&/", "/\"/", "/\"/", "/\</", "/\>/",
"/\\\\/", "/\//", "/-/", "/\*/", "/ /" );
$this->whitestr = array("&","'","<",">","\'","/","-","*"," ");
return preg_replace($this->blackstr,$this->whitestr,$str);
}
}
2.//用户的留言是一段代码:比如是js脚本;那么怎样及时避免数据的危害,取出数据时又正确显示
$js = "<script>alert('look me');</script>";//假设用户输入的是脚本
//$str1 = base64_encode($js);//使用 MIME base64 对数据进行编码
//echo $str1."<br>";
//$str2 = base64_decode($str1);//
echo htmlspecialchars($js);//转换特殊字符为HTML字符编码
1.过滤
abstract class Filter{
protected $blackstr = array();
protected $whitestr = array();
abstract function filtit($str);
}
//过滤用户名的特殊符号
class LoginFilter extends Filter {
function filtit($str){
$this->blackstr = array("/[\x7f-\xff]/","/\W/");
return preg_replace($this->blackstr,"",$str);
}
}
//对输入的文本框内容过滤
class EditFilter extends Filter {
function filtit($str){
$this->blackstr = array("/\&/", "/\"/", "/\"/", "/\</", "/\>/",
"/\\\\/", "/\//", "/-/", "/\*/", "/ /" );
$this->whitestr = array("&","'","<",">","\'","/","-","*"," ");
return preg_replace($this->blackstr,$this->whitestr,$str);
}
}
2.//用户的留言是一段代码:比如是js脚本;那么怎样及时避免数据的危害,取出数据时又正确显示
$js = "<script>alert('look me');</script>";//假设用户输入的是脚本
//$str1 = base64_encode($js);//使用 MIME base64 对数据进行编码
//echo $str1."<br>";
//$str2 = base64_decode($str1);//
echo htmlspecialchars($js);//转换特殊字符为HTML字符编码
免责声明: 本文仅代表作者个人观点,与爱易网无关。其原创性以及文中陈述文字和内容未经本站证实,对本文以及其中全部或者部分内容、文字的真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
