php表单敏感字符过滤类


Posted in PHP onDecember 08, 2014

本文实例讲述了php表单敏感字符过滤类及其用法。分享给大家供大家参考。具体分析如下:

/** 

* 表单生成验证文件 

*/ 

$_form = new formHtmlFind(); 

class formHtmlFind{ 

        /** 

         * 输出表单函数 

         * $formKey  表单键 

         * $infoArray 更新时的原始信息数组 

         */ 

 

        public function formHtml($array,$infoArray='') 

        { 

                // 检测数组是否存在 

                if(emptyempty($array))return false; 

                $newform = null; 

                // 信息数组(更新信息) 

                $this->infoArray = !emptyempty($infoArray)?$infoArray:array(); 

                $this->array['class'] =  get_class_methods(get_class()); 

                foreach ($array as $key =>$arr) 

                { 

                        // 键值转换为纯英文 

                        $key = preg_replace("/[^a-z]/i",'',$key); 

                        // 生成表单 

                        $newform .= $this->outputForm($arr,$key); 

                } 

                // 输出表单 

                return $newform.$this->jsError(); 

        } 

        /** 

         * 生成表单函数 

         */ 

        private function outputForm($arr,$key) 

        { 

                $value = null; 

                if(emptyempty($arr))return false; 

                // input Type 

                $type   = $key; 

                // input NAME 

                $name   = trim($arr[0]); 

                // input 初始值 不包含多选,单选类 

                $value  = (!emptyempty($this->infoArray[$name]))? trim($this->infoArray[$name]):trim($arr[1]); 

                $value  = emptyempty($this->post[$name])? $value :trim($this->post[$name]); 

                // input Title 

                $title  = trim($arr[2]); 

                // 样式 

                $style  = trim($arr[3]); 

                if($key!=="hidden") 

                { 

                        $dt = "<dt>{$title}</dt><dd>"; 

                        // js错误提示 

                        $dd = "<tt id="J{$name}"></tt></dd>rn"; 

                } 

                return (!preg_match("/checkbox|select|radio/i",$key))? 

                $dt.$this->newInput($type,$name,$value,$style,$title).$dd: 

                $this->formSelect($type,$name,$arr[1],$title,$style); // 多选类 

        } 

        /** 

         * 提交数据检测 

         */ 

        public function postForm($array) 

        { 

                // 检测数组是否存在 

                if(emptyempty($array)||emptyempty($_POST))return false; 

                $this->post           =  $_POST; 

                $this->array['class'] =  get_class_methods(get_class()); 

                foreach ($array as $key =>$arr) 

                { 

                        // 键值转换为纯英文 

                        $key = preg_replace("/[^a-z]/i",'',$key); 

                        // 检测 注销file类表单 

                        if (!emptyempty($arr)&&'file' != $key)$newData[trim($arr[0])] = $this->postFind($arr,$key); 

                } 

                // 输出表单 

                if(!emptyempty($this->error)) 

                { 

                        return false; 

                } 

                else return $newData; 

        } 

        /** 

         * 生成表单 

         */ 

        private function newInput($type,$name,$value,$style,$title) 

        { 

                switch ($type) 

                { 

                        case 'text': 

                                // 单行文本 

                                return  "<input type="text" name="{$name}" value="{$value}" {$style}/>"; 

                                break; 

                        case 'password': 

                                //密码输入 

                                return "<input type="password" name="{$name}" {$style}/>"; 

                                break; 

                        case '': 

                                //多行文本 

                                return "<textarea name="{$name}" {$style}/>{$value}</textarea>"; 

                                break; 

                        case 'hidden': 

                                // 隐藏 

                                return "<input type="hidden" name="{$name}" value="{$value}" {$style}/>"; 

                                break; 

                        case 'file': 

                                // 文件上传 

                                return "<input type= "file"name="{$name}" {$style}/>"; 

                                break; 

                        case 'submit': 

                                // 提交 

                                return "<input type="submit" name="{$name}" value="$value" $style}/>"; 

                                break; 

                        default: 

                                return "{$type}类型错误!!!"; 

                                break; 

                } 

        } 

        /** 

         * 提交信息检测 

         * 错误返回error 

         */ 

        private function postFind($arr,$key) 

        { 

                if(emptyempty($arr))return false; 

                $name = $title =$error =$find =$standard =null; 

                // input NAME 

                $name     = trim($arr[0]); 

                // input Title 

                $title    = trim($arr[2]); 

                // 错误提示 

                $error    = trim($arr[4]); 

                // 检测类型 Y N 

                $find     = trim($arr[5]); 

                // 检测标准 

                $standard = trim($arr[6]); 

                // 

                if(!emptyempty($standard))$this->error .=$this->ck_split($standard,$name,$title,$find,$error); 

                // 转换为字符串 

                if(is_array($this->post[$name]))$this->post[$name] = implode(",",$this->post[$name]); 

                // 转义或其他转化 

                $KKarray = array(); 

                if(preg_match("/Y|N/is",$find)) 

                { 

                        $KKarray       = split("_", $find); 

                        // 转义或过滤 

                        $escape_filter = (!emptyempty($KKarray[1]))?'ck_'.$KKarray[1]:''; 

                        // 输出通过检测的合法数据 

                        $data          = ($escape_filter)?$this->$escape_filter($this->post[$name]):$this->post[$name]; 

 

                } 

                else  $data        = ""; 

                // 输出新的数据 

                return $data; 

        } 

        /** 

         * 多选类表单生成 

         */ 

        private function formSelect($type,$name,$value,$title,$style) 

        { 

                $outform = null; 

                // 触发更新和提交动作时的初始 

                $nowvalue = (!emptyempty($this->post[$name]))?$this->post[$name]:$this->infoarray[$name]; 

                // 兼容多选的识别,转为数组 

                if(!emptyempty($nowvalue))$valueArray = explode(",",$nowvalue); 

                // 选项标题 

                if(is_array($title)) 

                { 

                        array_unshift($title,'选择'); 

                        $titarray = array_values($title); 

                }else $titarray = explode("|",$title); 

                // 选项值 

                if(is_array($value)) 

                { 

                        array_unshift($value,'选择'); 

                        $valarray  = array_keys($value); 

                        if(emptyempty($title))$titarray = array_values($value); 

                } 

                else $valarray = explode("|",$value); 

                // 取消表单的初始默认值 

                if(!emptyempty($this->post)&&!emptyempty($this->infoArray))$value = preg_replace("/Y_/i",'',$value); 

 

                foreach ($valarray as $key =>$varl) 

                { 

                        // 非默认的识别 

                        if(!emptyempty($valueArray))$select   = (in_array($varl,$valueArray))?'Y':''; 

                        //  判断是否为默认 

                        else $select   = (eregi("Y_",$varl))? 'Y':''; 

 

                        if($key >'0') 

                        { 

                                $_title=($titarray[$key])? $titarray[$key]:$title; 

                                switch ($type) 

                                { 

                                        case 'select': 

                                                if('Y' == $select)$select = 'selected'; 

                                                $outform .=        sprintf("<option %s value="%s"/>%s</option>rn" 

                                                ,$select,preg_replace("/Y_/i",'',$varl),$_title); 

                                                break; 

                                        case 'radio': 

                                                if('Y' == $select)$select = 'checked'; 

                                                $outform .= sprintf("<label>%s<input %s type="radio" name="%s" value="%s" %s/></label>rn", 

                                                $_title,$select,$name,$varl,$style); 

                                                break; 

                                        case 'checkbox': 

                                                if('Y' == $select)$select = 'checked'; 

                                                $outform .= sprintf("<label>%s<input %s type="checkbox" name="%s[]" value="%s" %s/></label>rn",$_title,$select,$name,$varl,$style); 

                                                break; 

                                } 

                                $select =null; 

                        } 

                } 

                // 下拉选择 

                if($type =='select')$outform = sprintf('<select name="%s" %s>%s</select>',$name,$style,$outform); 

                return sprintf("<dt>%s</dt><dd>%s<tt id="J%s"></tt></dd>rn",$titarray[0],$outform,$name); 

        } 

        /** 

         * 表单验证 及全部 ck_类函数 

         */ 

        private function ck_split($standard,$name,$title,$find,$error) 

        { 

                //  非必填缺省跳过 

                if(eregi('N',$find) && emptyempty($this->post[$name]))return false; 

                // 必填缺省检测 

                if(eregi('Y',$find) && emptyempty($this->post[$name]))return "["J{$name}","$error"],"; 

                $t_error = null; 

                // 多项检测 

                $arr = explode(',',$standard); 

                // POST数据检测 

                if(!emptyempty($arr))foreach ($arr as $var) 

                { 

                        if(trim($var)!='') 

                        { 

                                switch ($this->post) 

                                { 

                                        case is_array($this->post[$name]): 

                                                // 数组类的检测 

                                                foreach ($this->post[$name] as $_var) 

                                                { 

                                                        $t_error.= ($this->ck_open($_var,trim($var)))?"":$error; 

                                                        if($t_error)break; 

                                                } 

                                                break; 

                                        default: 

                                                $t_error.= ($this->ck_open($this->post[$name],trim($var)))?"":$error; 

                                                break; 

                                } 

                                if($t_error)break; 

                        } 

                } 

                return ($t_error)? "["J{$name}","$t_error"],":""; 

        } 

        // 函数调用 

        private function ck_open($string,$str) 

        { 

                $functi = $this->ck_detected($str); 

                return ($this->$functi($string,$str))? true:false; 

        } 

        // 类型判断 

        private function ck_detected($str) 

        { 

                $detect = (eregi("^[a-zA-Z]*$",$str))? "{$str}Detect":'lengthDetect'; 

                if(!in_array($detect,$this->array['class'])) 

                { 

                        location('index.php',$ck,' Lack of function !!!'); 

                } 

                return $detect; 

        } 

        //-------------------------------------以下为检测函数可外部调用 

        // 长度 

        public function lengthDetect($string,$str){ 

                $len = split('-',trim($str)); 

                return (strlen($string) > ($len[0]-1) && strlen($string) < ($len[1]+1))? true:false; 

        } 

        // 价格 

        public function moneyDetect($str){ 

                return preg_match("/^(-|+)?d+(.d+)?$/",$str); 

        } 

        // 邮件 

        public function emailDetect($str){ 

                return preg_match("/^w+([-+.]w+)*@w+([-.]w+)*.w+([-.]w+)*$/", $str); 

        } 

        // 网址 

        public function urlDetect($str){ 

                return preg_match("/^http://[A-Za-z0-9]+.[A-Za-z0-9]+[/=?%-&_~`@[]':+!]*([^<>"])*$/", $str); 

        } 

        // 数字型 

        public function numDetect($str){ 

                return is_numeric($str); 

        } 

        // 中文 

        public function cnDetect($str){ 

                return preg_match("/^[x7f-xff]+$/", $str); 

        } 

        // 字母 

        public function enDetect($str){ 

                return preg_match("/^[A-Za-z]+$/", $str); 

        } 

        // 数字字母混合 

        public function numenDetect($str){ 

                return preg_match("/^([a-zA-Z0-9_-])+$/",$str); 

        } 

        // 电话号码 

        public function telDetect($str){ 

                return ereg("^[+]?[0-9]+([xX-][0-9]+)*$", $str); 

        } 

        // 敏感词 

        public function keyDetect($str){ 

                return (!preg_match("/$badkey/i",$str)); 

        } 

        //-----------------------------------------------------输出 

        // 字符替换 

        public function ck_filter($str){ 

                $str=(is_array($str))? implode(",",$str):$str; 

                $str=nl2br($str); //将回车替换为<br> 

                $str=htmlspecialchars($str); //将特殊字元转成 HTML 格式。 

                //$str=str_replace(array(" ",'<? '),array(" ",'< ?'),$str); //替换空格替换为 

                return $str; 

        } 

        // 转义 

        function ck_escape($str) 

        { 

                if (!get_magic_quotes_gpc())return addslashes($str); 

                return $str; 

        } 

        // MD5加密 

        public function ck_md5($str){ 

                return  MD5($str); 

        } 

        // base64加密 

        public function ck_base64($str){ 

                return  base64_encode($str); 

        } 

        // 时间 

        function ck_time($str){ 

                // time_r() 来在公用函数文件 

                if(!is_numeric($str)) 

                { 

                        return time_r($str); 

                } 

                else return $str; 

        } 

        // 有条件注销(数字) 

        public function ck_cancel($str){ 

                return (!is_numeric($str))? $str:""; 

        } 

        // 无条件注销 

        public function ck_delete(){ 

                return null; 

        } 

        // js错误提示 

        private function jsError() 

        { 

                if(emptyempty($this->error))return false; 

                return  " 

                <script  language=javascript> rn var error = new Array(".trim($this->error,',')."); 

                        rn for (i=0; i < error.length; i++){ 

                        rn document.getElementById(error[0]).innerHTML=error[1]; 

                         }rn </script> 

                "; 

        } 

} 

 

// 演示: 

$form[1] =array( 

'text'=>array('title','','产品名称','size=40','产品名称不可缺少!','Y','cn,1-30'), 

'text1'=>array('categories','','产品名称','','','Y_base64'), 

'select'=>array('superiors','||1|2|Y_3','产品类别|选择|1|2|3','','必选项','Y'), 

'radio'=>array('superiors1','|1|Y_2|3','产品xun|产品1|产品2|产品3','','必选项','Y'), 

'checkbox'=>array('superiors2',array(1=>'11',2=>'22',3=>'33'),'','','必选项','Y'), 

'file'=>array('ddd','','文件'), 

); 

$form =array ( 

  'login' =>  

  array ( 

    'text' =>  

    array ( 

      0 => 'user', 

      1 => '', 

      2 => '用户名', 

      3 => 'size=20', 

      4 => '!', 

      5 => 'Y', 

      6 => 'numen,6-12', 

    ), 

    'password' =>  

    array ( 

      0 => 'pass', 

      1 => '', 

      2 => '密 码', 

      3 => 'size=22', 

      4 => '密码格式错误!', 

      5 => 'Y_md5', 

      6 => 'numen,6-12', 

    ), 

    'radio' =>  

    array ( 

      0 => 'time', 

      1 => '|7200|3600|1800', 

      2 => 'cookies有效时间|2小时|1小时|30分钟', 

      3 => '', 

      4 => '', 

      5 => 'N_delete', 

      6 => '', 

    ), 

  ), 

  ); 

 

// 表单提交效验 

$past = $_form->postForm($form['login']); 

$dd = array('title'=>'标题','categories'=>'类别'); 

// $dd 为已有的信息(如更新时的信息输出) POST数据位内部处理具有优先权

if(!emptyempty($past)) 

{ 

        echo "<pre>"; 

        print_r($past); 

        echo"</pre>"; 

} 

echo '<form method="POST" NAME="PostTopic" action="" enctype="multipart/form-data" style="margin:0px;">'; 

echo $_form->formHtml($form['login'],$dd); 

echo '<input type="submit" value="Y" name="B1"></form>';

希望本文所述对大家的PHP程序设计有所帮助。

PHP 相关文章推荐
无数据库的详细域名查询程序PHP版(5)
Oct 09 PHP
PHP curl_setopt()函数实例代码与参数分析
Jun 02 PHP
pdo中使用参数化查询sql
Aug 11 PHP
php后台多用户权限组思路与实现程序代码分享
Feb 13 PHP
php中的PHP_EOL换行符详细解析
Oct 26 PHP
php批量删除数据库下指定前缀的表以prefix_为例
Aug 24 PHP
PHP实现的简单三角形、矩形周长面积计算器分享
Nov 18 PHP
如何利用http协议发布博客园博文评论
Aug 03 PHP
Twig模板引擎用法入门教程
Jan 20 PHP
浅谈Laravel队列实现原理解决问题记录
Aug 19 PHP
实现php删除链表中重复的结点
Sep 27 PHP
Laravel 实现在Blade模版中使用全局变量代替路径的例子
Oct 22 PHP
php网页病毒清除类
Dec 08 #PHP
ThinkPHP入口文件设置及相关注意事项分析
Dec 05 #PHP
简单实用的PHP防注入类实例
Dec 05 #PHP
ThinkPHP连接数据库的方式汇总
Dec 05 #PHP
PHP生成RSS文件类实例
Dec 05 #PHP
php实现两表合并成新表并且有序排列的方法
Dec 05 #PHP
ThinkPHP中redirect用法分析
Dec 05 #PHP
You might like
第七节 类的静态成员 [7]
2006/10/09 PHP
php采集速度探究总结(原创)
2008/04/18 PHP
ThinkPHP与PHPExcel冲突解决方法
2011/08/08 PHP
php预定义变量使用帮助(带实例)
2013/10/30 PHP
PHP实现采集中国天气网未来7天天气
2014/10/15 PHP
php+ajax制作无刷新留言板
2015/10/27 PHP
linux平台编译安装PHP7并安装Redis扩展与Swoole扩展实例教程
2016/09/30 PHP
浅谈PHP发送HTTP请求的几种方式
2017/07/25 PHP
Javascript模块化编程(三)require.js的用法及功能介绍
2013/01/17 Javascript
JQuery与JS里submit()的区别示例介绍
2014/02/17 Javascript
jquery自定义下拉列表示例
2014/04/25 Javascript
javascript的switch用法注意事项分析
2015/02/02 Javascript
javascript html5实现表单验证
2016/03/01 Javascript
浅谈JS使用[ ]来访问对象属性
2016/09/21 Javascript
浅谈Angular的$q, defer, promise
2016/12/20 Javascript
vue 中基于html5 drag drap的拖放效果案例分析
2018/11/01 Javascript
vue插槽slot的理解和使用方法
2019/04/03 Javascript
VUE 动态组件的应用案例分析
2019/12/02 Javascript
JavaScript中的this原理及6种常见使用场景详解
2020/02/14 Javascript
原生JavaScript实现弹幕组件的示例代码
2020/10/12 Javascript
Python中的with...as用法介绍
2015/05/28 Python
Python自动调用IE打开某个网站的方法
2015/06/03 Python
python爬虫之xpath的基本使用详解
2018/04/18 Python
Python中BeautifuSoup库的用法使用详解
2019/11/15 Python
在python中使用nohup命令说明
2020/04/16 Python
Python可以实现栈的结构吗
2020/05/27 Python
Python collections.defaultdict模块用法详解
2020/06/18 Python
tensorflow 2.1.0 安装与实战教程(CASIA FACE v5)
2020/06/30 Python
详解Scrapy Redis入门实战
2020/11/18 Python
英国知名小木屋定制网站:Tiger Sheds
2020/03/06 全球购物
英国森林假期:Forest Holidays
2021/01/01 全球购物
行政经理的岗位职责
2013/11/23 职场文书
办公室副主任岗位职责
2013/11/25 职场文书
学术会议邀请函范文
2014/01/22 职场文书
导游词之沈阳清昭陵
2019/12/28 职场文书
苹果M1芯片安装nginx 并且部署vue项目步骤详解
2021/11/20 Servers