php表单敏感字符过滤类


Posted in PHP onDecember 08, 2014

本文实例讲述了php表单敏感字符过滤类及其用法。分享给大家供大家参考。具体分析如下:

/** 

* 表单生成验证文件 

*/ 

$_form = new formHtmlFind(); 

class formHtmlFind{ 

        /** 

         * 输出表单函数 

         * $formKey  表单键 

         * $infoArray 更新时的原始信息数组 

         */ 

 

        public function formHtml($array,$infoArray='') 

        { 

                // 检测数组是否存在 

                if(emptyempty($array))return false; 

                $newform = null; 

                // 信息数组(更新信息) 

                $this->infoArray = !emptyempty($infoArray)?$infoArray:array(); 

                $this->array['class'] =  get_class_methods(get_class()); 

                foreach ($array as $key =>$arr) 

                { 

                        // 键值转换为纯英文 

                        $key = preg_replace("/[^a-z]/i",'',$key); 

                        // 生成表单 

                        $newform .= $this->outputForm($arr,$key); 

                } 

                // 输出表单 

                return $newform.$this->jsError(); 

        } 

        /** 

         * 生成表单函数 

         */ 

        private function outputForm($arr,$key) 

        { 

                $value = null; 

                if(emptyempty($arr))return false; 

                // input Type 

                $type   = $key; 

                // input NAME 

                $name   = trim($arr[0]); 

                // input 初始值 不包含多选,单选类 

                $value  = (!emptyempty($this->infoArray[$name]))? trim($this->infoArray[$name]):trim($arr[1]); 

                $value  = emptyempty($this->post[$name])? $value :trim($this->post[$name]); 

                // input Title 

                $title  = trim($arr[2]); 

                // 样式 

                $style  = trim($arr[3]); 

                if($key!=="hidden") 

                { 

                        $dt = "<dt>{$title}</dt><dd>"; 

                        // js错误提示 

                        $dd = "<tt id="J{$name}"></tt></dd>rn"; 

                } 

                return (!preg_match("/checkbox|select|radio/i",$key))? 

                $dt.$this->newInput($type,$name,$value,$style,$title).$dd: 

                $this->formSelect($type,$name,$arr[1],$title,$style); // 多选类 

        } 

        /** 

         * 提交数据检测 

         */ 

        public function postForm($array) 

        { 

                // 检测数组是否存在 

                if(emptyempty($array)||emptyempty($_POST))return false; 

                $this->post           =  $_POST; 

                $this->array['class'] =  get_class_methods(get_class()); 

                foreach ($array as $key =>$arr) 

                { 

                        // 键值转换为纯英文 

                        $key = preg_replace("/[^a-z]/i",'',$key); 

                        // 检测 注销file类表单 

                        if (!emptyempty($arr)&&'file' != $key)$newData[trim($arr[0])] = $this->postFind($arr,$key); 

                } 

                // 输出表单 

                if(!emptyempty($this->error)) 

                { 

                        return false; 

                } 

                else return $newData; 

        } 

        /** 

         * 生成表单 

         */ 

        private function newInput($type,$name,$value,$style,$title) 

        { 

                switch ($type) 

                { 

                        case 'text': 

                                // 单行文本 

                                return  "<input type="text" name="{$name}" value="{$value}" {$style}/>"; 

                                break; 

                        case 'password': 

                                //密码输入 

                                return "<input type="password" name="{$name}" {$style}/>"; 

                                break; 

                        case '': 

                                //多行文本 

                                return "<textarea name="{$name}" {$style}/>{$value}</textarea>"; 

                                break; 

                        case 'hidden': 

                                // 隐藏 

                                return "<input type="hidden" name="{$name}" value="{$value}" {$style}/>"; 

                                break; 

                        case 'file': 

                                // 文件上传 

                                return "<input type= "file"name="{$name}" {$style}/>"; 

                                break; 

                        case 'submit': 

                                // 提交 

                                return "<input type="submit" name="{$name}" value="$value" $style}/>"; 

                                break; 

                        default: 

                                return "{$type}类型错误!!!"; 

                                break; 

                } 

        } 

        /** 

         * 提交信息检测 

         * 错误返回error 

         */ 

        private function postFind($arr,$key) 

        { 

                if(emptyempty($arr))return false; 

                $name = $title =$error =$find =$standard =null; 

                // input NAME 

                $name     = trim($arr[0]); 

                // input Title 

                $title    = trim($arr[2]); 

                // 错误提示 

                $error    = trim($arr[4]); 

                // 检测类型 Y N 

                $find     = trim($arr[5]); 

                // 检测标准 

                $standard = trim($arr[6]); 

                // 

                if(!emptyempty($standard))$this->error .=$this->ck_split($standard,$name,$title,$find,$error); 

                // 转换为字符串 

                if(is_array($this->post[$name]))$this->post[$name] = implode(",",$this->post[$name]); 

                // 转义或其他转化 

                $KKarray = array(); 

                if(preg_match("/Y|N/is",$find)) 

                { 

                        $KKarray       = split("_", $find); 

                        // 转义或过滤 

                        $escape_filter = (!emptyempty($KKarray[1]))?'ck_'.$KKarray[1]:''; 

                        // 输出通过检测的合法数据 

                        $data          = ($escape_filter)?$this->$escape_filter($this->post[$name]):$this->post[$name]; 

 

                } 

                else  $data        = ""; 

                // 输出新的数据 

                return $data; 

        } 

        /** 

         * 多选类表单生成 

         */ 

        private function formSelect($type,$name,$value,$title,$style) 

        { 

                $outform = null; 

                // 触发更新和提交动作时的初始 

                $nowvalue = (!emptyempty($this->post[$name]))?$this->post[$name]:$this->infoarray[$name]; 

                // 兼容多选的识别,转为数组 

                if(!emptyempty($nowvalue))$valueArray = explode(",",$nowvalue); 

                // 选项标题 

                if(is_array($title)) 

                { 

                        array_unshift($title,'选择'); 

                        $titarray = array_values($title); 

                }else $titarray = explode("|",$title); 

                // 选项值 

                if(is_array($value)) 

                { 

                        array_unshift($value,'选择'); 

                        $valarray  = array_keys($value); 

                        if(emptyempty($title))$titarray = array_values($value); 

                } 

                else $valarray = explode("|",$value); 

                // 取消表单的初始默认值 

                if(!emptyempty($this->post)&&!emptyempty($this->infoArray))$value = preg_replace("/Y_/i",'',$value); 

 

                foreach ($valarray as $key =>$varl) 

                { 

                        // 非默认的识别 

                        if(!emptyempty($valueArray))$select   = (in_array($varl,$valueArray))?'Y':''; 

                        //  判断是否为默认 

                        else $select   = (eregi("Y_",$varl))? 'Y':''; 

 

                        if($key >'0') 

                        { 

                                $_title=($titarray[$key])? $titarray[$key]:$title; 

                                switch ($type) 

                                { 

                                        case 'select': 

                                                if('Y' == $select)$select = 'selected'; 

                                                $outform .=        sprintf("<option %s value="%s"/>%s</option>rn" 

                                                ,$select,preg_replace("/Y_/i",'',$varl),$_title); 

                                                break; 

                                        case 'radio': 

                                                if('Y' == $select)$select = 'checked'; 

                                                $outform .= sprintf("<label>%s<input %s type="radio" name="%s" value="%s" %s/></label>rn", 

                                                $_title,$select,$name,$varl,$style); 

                                                break; 

                                        case 'checkbox': 

                                                if('Y' == $select)$select = 'checked'; 

                                                $outform .= sprintf("<label>%s<input %s type="checkbox" name="%s[]" value="%s" %s/></label>rn",$_title,$select,$name,$varl,$style); 

                                                break; 

                                } 

                                $select =null; 

                        } 

                } 

                // 下拉选择 

                if($type =='select')$outform = sprintf('<select name="%s" %s>%s</select>',$name,$style,$outform); 

                return sprintf("<dt>%s</dt><dd>%s<tt id="J%s"></tt></dd>rn",$titarray[0],$outform,$name); 

        } 

        /** 

         * 表单验证 及全部 ck_类函数 

         */ 

        private function ck_split($standard,$name,$title,$find,$error) 

        { 

                //  非必填缺省跳过 

                if(eregi('N',$find) && emptyempty($this->post[$name]))return false; 

                // 必填缺省检测 

                if(eregi('Y',$find) && emptyempty($this->post[$name]))return "["J{$name}","$error"],"; 

                $t_error = null; 

                // 多项检测 

                $arr = explode(',',$standard); 

                // POST数据检测 

                if(!emptyempty($arr))foreach ($arr as $var) 

                { 

                        if(trim($var)!='') 

                        { 

                                switch ($this->post) 

                                { 

                                        case is_array($this->post[$name]): 

                                                // 数组类的检测 

                                                foreach ($this->post[$name] as $_var) 

                                                { 

                                                        $t_error.= ($this->ck_open($_var,trim($var)))?"":$error; 

                                                        if($t_error)break; 

                                                } 

                                                break; 

                                        default: 

                                                $t_error.= ($this->ck_open($this->post[$name],trim($var)))?"":$error; 

                                                break; 

                                } 

                                if($t_error)break; 

                        } 

                } 

                return ($t_error)? "["J{$name}","$t_error"],":""; 

        } 

        // 函数调用 

        private function ck_open($string,$str) 

        { 

                $functi = $this->ck_detected($str); 

                return ($this->$functi($string,$str))? true:false; 

        } 

        // 类型判断 

        private function ck_detected($str) 

        { 

                $detect = (eregi("^[a-zA-Z]*$",$str))? "{$str}Detect":'lengthDetect'; 

                if(!in_array($detect,$this->array['class'])) 

                { 

                        location('index.php',$ck,' Lack of function !!!'); 

                } 

                return $detect; 

        } 

        //-------------------------------------以下为检测函数可外部调用 

        // 长度 

        public function lengthDetect($string,$str){ 

                $len = split('-',trim($str)); 

                return (strlen($string) > ($len[0]-1) && strlen($string) < ($len[1]+1))? true:false; 

        } 

        // 价格 

        public function moneyDetect($str){ 

                return preg_match("/^(-|+)?d+(.d+)?$/",$str); 

        } 

        // 邮件 

        public function emailDetect($str){ 

                return preg_match("/^w+([-+.]w+)*@w+([-.]w+)*.w+([-.]w+)*$/", $str); 

        } 

        // 网址 

        public function urlDetect($str){ 

                return preg_match("/^http://[A-Za-z0-9]+.[A-Za-z0-9]+[/=?%-&_~`@[]':+!]*([^<>"])*$/", $str); 

        } 

        // 数字型 

        public function numDetect($str){ 

                return is_numeric($str); 

        } 

        // 中文 

        public function cnDetect($str){ 

                return preg_match("/^[x7f-xff]+$/", $str); 

        } 

        // 字母 

        public function enDetect($str){ 

                return preg_match("/^[A-Za-z]+$/", $str); 

        } 

        // 数字字母混合 

        public function numenDetect($str){ 

                return preg_match("/^([a-zA-Z0-9_-])+$/",$str); 

        } 

        // 电话号码 

        public function telDetect($str){ 

                return ereg("^[+]?[0-9]+([xX-][0-9]+)*$", $str); 

        } 

        // 敏感词 

        public function keyDetect($str){ 

                return (!preg_match("/$badkey/i",$str)); 

        } 

        //-----------------------------------------------------输出 

        // 字符替换 

        public function ck_filter($str){ 

                $str=(is_array($str))? implode(",",$str):$str; 

                $str=nl2br($str); //将回车替换为<br> 

                $str=htmlspecialchars($str); //将特殊字元转成 HTML 格式。 

                //$str=str_replace(array(" ",'<? '),array(" ",'< ?'),$str); //替换空格替换为 

                return $str; 

        } 

        // 转义 

        function ck_escape($str) 

        { 

                if (!get_magic_quotes_gpc())return addslashes($str); 

                return $str; 

        } 

        // MD5加密 

        public function ck_md5($str){ 

                return  MD5($str); 

        } 

        // base64加密 

        public function ck_base64($str){ 

                return  base64_encode($str); 

        } 

        // 时间 

        function ck_time($str){ 

                // time_r() 来在公用函数文件 

                if(!is_numeric($str)) 

                { 

                        return time_r($str); 

                } 

                else return $str; 

        } 

        // 有条件注销(数字) 

        public function ck_cancel($str){ 

                return (!is_numeric($str))? $str:""; 

        } 

        // 无条件注销 

        public function ck_delete(){ 

                return null; 

        } 

        // js错误提示 

        private function jsError() 

        { 

                if(emptyempty($this->error))return false; 

                return  " 

                <script  language=javascript> rn var error = new Array(".trim($this->error,',')."); 

                        rn for (i=0; i < error.length; i++){ 

                        rn document.getElementById(error[0]).innerHTML=error[1]; 

                         }rn </script> 

                "; 

        } 

} 

 

// 演示: 

$form[1] =array( 

'text'=>array('title','','产品名称','size=40','产品名称不可缺少!','Y','cn,1-30'), 

'text1'=>array('categories','','产品名称','','','Y_base64'), 

'select'=>array('superiors','||1|2|Y_3','产品类别|选择|1|2|3','','必选项','Y'), 

'radio'=>array('superiors1','|1|Y_2|3','产品xun|产品1|产品2|产品3','','必选项','Y'), 

'checkbox'=>array('superiors2',array(1=>'11',2=>'22',3=>'33'),'','','必选项','Y'), 

'file'=>array('ddd','','文件'), 

); 

$form =array ( 

  'login' =>  

  array ( 

    'text' =>  

    array ( 

      0 => 'user', 

      1 => '', 

      2 => '用户名', 

      3 => 'size=20', 

      4 => '!', 

      5 => 'Y', 

      6 => 'numen,6-12', 

    ), 

    'password' =>  

    array ( 

      0 => 'pass', 

      1 => '', 

      2 => '密 码', 

      3 => 'size=22', 

      4 => '密码格式错误!', 

      5 => 'Y_md5', 

      6 => 'numen,6-12', 

    ), 

    'radio' =>  

    array ( 

      0 => 'time', 

      1 => '|7200|3600|1800', 

      2 => 'cookies有效时间|2小时|1小时|30分钟', 

      3 => '', 

      4 => '', 

      5 => 'N_delete', 

      6 => '', 

    ), 

  ), 

  ); 

 

// 表单提交效验 

$past = $_form->postForm($form['login']); 

$dd = array('title'=>'标题','categories'=>'类别'); 

// $dd 为已有的信息(如更新时的信息输出) POST数据位内部处理具有优先权

if(!emptyempty($past)) 

{ 

        echo "<pre>"; 

        print_r($past); 

        echo"</pre>"; 

} 

echo '<form method="POST" NAME="PostTopic" action="" enctype="multipart/form-data" style="margin:0px;">'; 

echo $_form->formHtml($form['login'],$dd); 

echo '<input type="submit" value="Y" name="B1"></form>';

希望本文所述对大家的PHP程序设计有所帮助。

PHP 相关文章推荐
解决中英文字符串长度问题函数
Jan 16 PHP
PHP 加密与解密的斗争
Apr 17 PHP
简单的PHP多图上传小程序代码
Jul 17 PHP
PHP函数spl_autoload_register()用法和__autoload()介绍
Feb 04 PHP
自己写了一个php检测文件编码的函数
Apr 21 PHP
PHP中数组的分组排序实例
Jun 01 PHP
php表单提交与$_POST实例分析
Jan 26 PHP
PHP yii实现model添加默认值的方法(两种方法)
Nov 10 PHP
PHP搭建大文件切割分块上传功能示例
Jan 04 PHP
php获取手机端的号码以及ip地址实例代码
Sep 12 PHP
php中访问修饰符的知识点总结
Jan 27 PHP
PHP count()函数讲解
Feb 03 PHP
php网页病毒清除类
Dec 08 #PHP
ThinkPHP入口文件设置及相关注意事项分析
Dec 05 #PHP
简单实用的PHP防注入类实例
Dec 05 #PHP
ThinkPHP连接数据库的方式汇总
Dec 05 #PHP
PHP生成RSS文件类实例
Dec 05 #PHP
php实现两表合并成新表并且有序排列的方法
Dec 05 #PHP
ThinkPHP中redirect用法分析
Dec 05 #PHP
You might like
PHP序列号生成函数和字符串替换函数代码
2012/06/07 PHP
百度地图API应用之获取用户的具体位置
2014/06/10 PHP
ThinkPHP权限认证Auth实例详解
2014/07/22 PHP
javascript下高性能字符串连接StringBuffer类
2010/08/16 Javascript
只需20行代码就可以写出CSS覆盖率测试脚本
2013/04/24 Javascript
zTree插件之多选下拉菜单实例代码
2013/11/06 Javascript
动态添加删除表格行的js实现代码
2014/02/28 Javascript
node.js+Ajax实现获取HTTP服务器返回数据
2014/11/26 Javascript
Jquery结合HTML5实现文件上传
2015/06/25 Javascript
使用PHP+JavaScript将HTML页面转换为图片的实例分享
2016/04/18 Javascript
jQuery插件EasyUI实现Layout框架页面中弹出窗体到最顶层效果(穿越iframe)
2016/08/05 Javascript
Javascript快速实现浏览器系统通知
2017/08/26 Javascript
JavaScript类的继承操作实例总结
2018/12/20 Javascript
微信小程序访问豆瓣电影api的实现方法
2019/03/31 Javascript
javascript写一个ajax自动拦截并下载数据代码实例
2019/09/07 Javascript
微信小程序监听用户登录事件的实现方法
2019/11/11 Javascript
探索浏览器页面关闭window.close()的使用详解
2020/08/21 Javascript
[01:02:05]LGD vs Mineski 2018国际邀请赛小组赛BO2 第一场 8.19
2018/08/21 DOTA
scrapy爬虫实例分享
2017/12/28 Python
python生成1行四列全2矩阵的方法
2018/08/04 Python
python2与python3共存问题的解决方法
2018/09/18 Python
Python os.rename() 重命名目录和文件的示例
2018/10/25 Python
使用python制作一个为hex文件增加版本号的脚本实例
2019/06/12 Python
浅谈Python线程的同步互斥与死锁
2020/03/22 Python
python通用数据库操作工具 pydbclib的使用简介
2020/12/21 Python
程序设计HTML5 Canvas API
2013/04/08 HTML / CSS
美国一家主营日韩美妆护肤品的在线商店:iMomoko
2016/09/11 全球购物
Expedia瑞典官网:预订度假屋、酒店、汽车租赁、机票等
2021/01/23 全球购物
香奈儿美国官网:CHANEL美国
2020/05/20 全球购物
请说出你所知道的线程同步的方法
2013/04/19 面试题
如何转换一个字符串到enum值
2014/04/12 面试题
事业单位辞职信范文
2014/01/19 职场文书
党员三严三实对照检查材料
2014/10/13 职场文书
2015年七一建党节活动方案
2015/05/05 职场文书
严以修身专题学习研讨会发言材料
2015/11/09 职场文书
2016天猫双十一广告语
2016/01/28 职场文书