首页 > 语言 > PHP > 正文

php 表单敏感字符过滤代码

2024-09-04 11:44:08
字体:
来源:转载
供稿:网友
  1. /** 
  2. * 表单生成验证文件 
  3. */ 
  4. $_form = new formHtmlFind(); 
  5. class formHtmlFind{ 
  6.         /** 
  7.          * 输出表单函数 
  8.          * $formKey  表单键 
  9.          * $infoArray 更新时的原始信息数组 
  10.          */ 
  11.  
  12.         public function formHtml($array,$infoArray=''
  13.         { 
  14.                 // 检测数组是否存在 
  15.                 if(emptyempty($array))return false; 
  16.                 $newform = null; 
  17.                 // 信息数组(更新信息) 
  18.                 $this->infoArray = !emptyempty($infoArray)?$infoArray:array(); 
  19.                 $this->array['class'] =  get_class_methods(get_class()); 
  20.                 foreach ($array as $key =>$arr
  21.                 { 
  22.                         // 键值转换为纯英文 
  23.                         $key = preg_replace("/[^a-z]/i",'',$key); 
  24.                         // 生成表单 
  25.                         $newform .= $this->outputForm($arr,$key); 
  26.                 } 
  27.                 // 输出表单 
  28.                 return $newform.$this->jsError(); 
  29.         } 
  30.         /** 
  31.          * 生成表单函数 
  32.          */ 
  33.         private function outputForm($arr,$key
  34.         { 
  35.                 $value = null; 
  36.                 if(emptyempty($arr))return false; 
  37.                 // input Type 
  38.                 $type   = $key
  39.                 // input NAME 
  40.                 $name   = trim($arr[0]); 
  41.                 // input 初始值 不包含多选,单选类 
  42.                 $value  = (!emptyempty($this->infoArray[$name]))? trim($this->infoArray[$name]):trim($arr[1]); 
  43.                 $value  = emptyempty($this->post[$name])? $value :trim($this->post[$name]); 
  44.                 // input Title 
  45.                 $title  = trim($arr[2]); 
  46.                 // 样式 
  47.                 $style  = trim($arr[3]); 
  48.                 if($key!=="hidden"
  49.                 { 
  50.                         $dt = "<dt>{$title}</dt><dd>"
  51.                         // js错误提示 
  52.                         $dd = "<tt id="J{$name}"></tt></dd>rn"
  53.                 } 
  54.                 return (!preg_match("/checkbox|select|radio/i",$key))? 
  55.                 $dt.$this->newInput($type,$name,$value,$style,$title).$dd
  56.                 $this->formSelect($type,$name,$arr[1],$title,$style); // 多选类 
  57.         } 
  58.         /** 
  59.          * 提交数据检测 
  60.          */ 
  61.         public function postForm($array
  62.         { 
  63.                 // 检测数组是否存在 
  64.                 if(emptyempty($array)||emptyempty($_POST))return false; 
  65.                 $this->post           =  $_POST
  66.                 $this->array['class'] =  get_class_methods(get_class()); 
  67.                 foreach ($array as $key =>$arr
  68.                 { 
  69.                         // 键值转换为纯英文 
  70.                         $key = preg_replace("/[^a-z]/i",'',$key); 
  71.                         // 检测 注销file类表单 
  72.                         if (!emptyempty($arr)&&'file' != $key)$newData[trim($arr[0])] = $this->postFind($arr,$key); 
  73.                 } 
  74.                 // 输出表单 
  75.                 if(!emptyempty($this->error)) 
  76.                 { 
  77.                         return false; 
  78.                 } 
  79.                 else return $newData
  80.         } 
  81.         /** 
  82.          * 生成表单 
  83.          */ 
  84.         private function newInput($type,$name,$value,$style,$title
  85.         { 
  86.                 switch ($type
  87.                 { 
  88.                         case 'text'
  89.                                 // 单行文本 
  90.                                 return  "<input type="text" name="{$name}" value="{$value}" {$style}/>"
  91.                                 break
  92.                         case 'password'
  93.                                 //密码输入 
  94.                                 return "<input type="password" name="{$name}" {$style}/>"
  95.                                 break
  96.                         case ''
  97.                                 //多行文本 
  98.                                 return "<textarea name="{$name}" {$style}/>{$value}</textarea>"
  99.                                 break
  100.                         case 'hidden'
  101.                                 // 隐藏 
  102.                                 return "<input type="hidden" name="{$name}" value="{$value}" {$style}/>"
  103.                                 break
  104.                         case 'file'
  105.                                 // 文件上传 
  106.                                 return "<input type= "file"name="{$name}" {$style}/>"
  107.                                 break
  108.                         case 'submit'
  109.                                 // 提交 
  110.                                 return "<input type="submit" name="{$name}" value="$value" $style}/>"
  111.                                 break
  112.                         default
  113.                                 return "{$type}类型错误!!!"
  114.                                 break
  115.                 } 
  116.         } 
  117.         /** 
  118.          * 提交信息检测 
  119.          * 错误返回error 
  120.          */ 
  121.         private function postFind($arr,$key
  122.         { 
  123.                 if(emptyempty($arr))return false; 
  124.                 $name = $title =$error =$find =$standard =null; 
  125.                 // input NAME 
  126.                 $name     = trim($arr[0]); 
  127.                 // input Title 
  128.                 $title    = trim($arr[2]); 
  129.                 // 错误提示 
  130.                 $error    = trim($arr[4]); 
  131.                 // 检测类型 Y N 
  132.                 $find     = trim($arr[5]); 
  133.                 // 检测标准 
  134.                 $standard = trim($arr[6]); 
  135.                 // 
  136.                 if(!emptyempty($standard))$this->error .=$this->ck_split($standard,$name,$title,$find,$error); 
  137.                 // 转换为字符串 
  138.                 if(is_array($this->post[$name]))$this->post[$name] = implode(",",$this->post[$name]); 
  139.                 // 转义或其他转化 
  140.                 $KKarray = array(); 
  141.                 if(preg_match("/Y|N/is",$find)) 
  142.                 { 
  143.                         $KKarray       = split("_"$find); 
  144.                         // 转义或过滤 
  145.                         $escape_filter = (!emptyempty($KKarray[1]))?'ck_'.$KKarray[1]:''
  146.                         // 输出通过检测的合法数据 
  147.                         $data          = ($escape_filter)?$this->$escape_filter($this->post[$name]):$this->post[$name]; 
  148.  
  149.                 } 
  150.                 else  $data        = ""
  151.                 // 输出新的数据 
  152.                 return $data
  153.         } 
  154.         /** 
  155.          * 多选类表单生成 
  156.          */ 
  157.         private function formSelect($type,$name,$value,$title,$style
  158.         { 
  159.                 $outform = null; 
  160.                 // 触发更新和提交动作时的初始 
  161.                 $nowvalue = (!emptyempty($this->post[$name]))?$this->post[$name]:$this->infoarray[$name]; 
  162.                 // 兼容多选的识别,转为数组 
  163.                 if(!emptyempty($nowvalue))$valueArray = explode(",",$nowvalue); 
  164.                 // 选项标题 
  165.                 if(is_array($title)) 
  166.                 { 
  167.                         array_unshift($title,'选择'); 
  168.                         $titarray = array_values($title); 
  169.                 }else $titarray = explode("|",$title); 
  170.                 // 选项值 
  171.                 if(is_array($value)) 
  172.                 { 
  173.                         array_unshift($value,'选择'); 
  174.                         $valarray  = array_keys($value); 
  175.                         if(emptyempty($title))$titarray = array_values($value); 
  176.                 } 
  177.                 else $valarray = explode("|",$value); 
  178.                 // 取消表单的初始默认值 
  179.                 if(!emptyempty($this->post)&&!emptyempty($this->infoArray))$value = preg_replace("/Y_/i",'',$value); 
  180.  
  181.                 foreach ($valarray as $key =>$varl
  182.                 { 
  183.                         // 非默认的识别 
  184.                         if(!emptyempty($valueArray))$select   = (in_array($varl,$valueArray))?'Y':''
  185.                         //  判断是否为默认 
  186.                         else $select   = (eregi("Y_",$varl))? 'Y':''
  187.  
  188.                         if($key >'0'
  189.                         { 
  190.                                 $_title=($titarray[$key])? $titarray[$key]:$title
  191.                                 switch ($type
  192.                                 { 
  193.                                         case 'select'
  194.                                                 if('Y' == $select)$select = 'selected'
  195.                                                 $outform .=        sprintf("<option %s value="%s"/>%s</option>rn" 
  196.                                                 ,$select,preg_replace("/Y_/i",'',$varl),$_title); 
  197.                                                 break
  198.                                         case 'radio'
  199.                                                 if('Y' == $select)$select = 'checked'
  200.                                                 $outform .= sprintf("<label>%s<input %s type="radio" name="%s" value="%s" %s/></label>rn"
  201.                                                 $_title,$select,$name,$varl,$style); 
  202.                                                 break
  203.                                         case 'checkbox'
  204.                                                 if('Y' == $select)$select = 'checked'
  205.                                                 $outform .= sprintf("<label>%s<input %s type="checkbox" name="%s[]" value="%s" %s/></label>rn",$_title,$select,$name,$varl,$style); 
  206.                                                 break
  207.                                 } 
  208.                                 $select =null; 
  209.                         } 
  210.                 } 
  211.                 // 下拉选择 
  212.                 if($type =='select')$outform = sprintf('<select name="%s" %s>%s</select>',$name,$style,$outform); 
  213.                 return sprintf("<dt>%s</dt><dd>%s<tt id="J%s"></tt></dd>rn",$titarray[0],$outform,$name); 
  214.         } 
  215.         /** 
  216.          * 表单验证 及全部 ck_类函数 
  217.          */ 
  218.         private function ck_split($standard,$name,$title,$find,$error
  219.         { 
  220.                 //  非必填缺省跳过 
  221.                 if(eregi('N',$find) && emptyempty($this->post[$name]))return false; 
  222.                 // 必填缺省检测 
  223.                 if(eregi('Y',$find) && emptyempty($this->post[$name]))return "["J{$name}","$error"],"
  224.                 $t_error = null; 
  225.                 // 多项检测 
  226.                 $arr = explode(',',$standard); 
  227.                 // POST数据检测 
  228.                 if(!emptyempty($arr))foreach ($arr as $var
  229.                 { 
  230.                         if(trim($var)!=''
  231.                         { 
  232.                                 switch ($this->post) 
  233.                                 { 
  234.                                         case is_array($this->post[$name]): 
  235.                                                 // 数组类的检测 
  236.                                                 foreach ($this->post[$nameas $_var
  237.                                                 { 
  238.                                                         $t_error.= ($this->ck_open($_var,trim($var)))?"":$error
  239.                                                         if($t_error)break
  240.                                                 } 
  241.                                                 break
  242.                                         default
  243.                                                 $t_error.= ($this->ck_open($this->post[$name],trim($var)))?"":$error
  244.                                                 break
  245.                                 } 
  246.                                 if($t_error)break
  247.                         } 
  248.                 } 
  249.                 return ($t_error)? "["J{$name}","$t_error"],":""
  250.         } 
  251.         // 函数调用 
  252.         private function ck_open($string,$str
  253.         { 
  254.                 $functi = $this->ck_detected($str); 
  255.                 return ($this->$functi($string,$str))? true:false; 
  256.         } 
  257.         // 类型判断 
  258.         private function ck_detected($str
  259.         { 
  260.                 $detect = (eregi("^[a-zA-Z]*$",$str))? "{$str}Detect":'lengthDetect'
  261.                 if(!in_array($detect,$this->array['class'])) 
  262.                 { 
  263.                         location('index.php',$ck,' Lack of function !!!'); 
  264.                 } 
  265.                 return $detect
  266.         } 
  267.         //-------------------------------------以下为检测函数可外部调用 
  268.         // 长度 
  269.         public function lengthDetect($string,$str){ 
  270.                 $len = split('-',trim($str)); 
  271.                 return (strlen($string) > ($len[0]-1) && strlen($string) < ($len[1]+1))? true:false; 
  272.         } 
  273.         // 价格 
  274.         public function moneyDetect($str){ 
  275.                 return preg_match("/^(-|+)?d+(.d+)?$/",$str); 
  276.         } 
  277.         // 邮件 
  278.         public function emailDetect($str){ 
  279.                 return preg_match("/^w+([-+.]w+)*@w+([-.]w+)*.w+([-.]w+)*$/"$str); 
  280.         } 
  281.         // 网址 
  282.         public function urlDetect($str){ 
  283.                 return preg_match("/^http://[A-Za-z0-9]+.[A-Za-z0-9]+[/=?%-&_~`@[]':+!]*([^<>"])*$/", $str); 
  284.         } 
  285.         // 数字型 
  286.         public function numDetect($str){ 
  287.                 return is_numeric($str); 
  288.         } 
  289.         // 中文 
  290.         public function cnDetect($str){ 
  291.                 return preg_match("/^[x7f-xff]+$/"$str); 
  292.         } 
  293.         // 字母 
  294.         public function enDetect($str){ 
  295.                 return preg_match("/^[A-Za-z]+$/"$str); 
  296.         } 
  297.         // 数字字母混合 
  298.         public function numenDetect($str){ 
  299.                 return preg_match("/^([a-zA-Z0-9_-])+$/",$str); 
  300.         } 
  301.         // 电话号码 
  302.         public function telDetect($str){ 
  303.                 return ereg("^[+]?[0-9]+([xX-][0-9]+)*$"$str); 
  304.         } 
  305.         // 敏感词 
  306.         public function keyDetect($str){ 
  307.                 return (!preg_match("/$badkey/i",$str)); 
  308.         } 
  309.         //-----------------------------------------------------输出 
  310.         // 字符替换 
  311.         public function ck_filter($str){ 
  312.                 $str=(is_array($str))? implode(",",$str):$str
  313.                 $str=nl2br($str); //将回车替换为<br> 
  314.                 $str=htmlspecialchars($str); //将特殊字元转成 HTML 格式。 
  315.                 //$str=str_replace(array(" ",'<? '),array(" ",'< ?'),$str); //替换空格替换为 
  316.                 return $str
  317.         } 
  318.         // 转义 
  319.         function ck_escape($str
  320.         { 
  321.                 if (!get_magic_quotes_gpc())return addslashes($str); 
  322.                 return $str
  323.         } 
  324.         // MD5加密 
  325.         public function ck_md5($str){ 
  326.                 return  MD5($str); 
  327.         } 
  328.         // base64加密 
  329.         public function ck_base64($str){ 
  330.                 return  base64_encode($str); 
  331.         } 
  332.         // 时间 
  333.         function ck_time($str){ 
  334.                 // time_r() 来在公用函数文件 
  335.                 if(!is_numeric($str)) 
  336.                 { 
  337.                         return time_r($str); 
  338.                 } 
  339.                 else return $str
  340.         } 
  341.         // 有条件注销(数字) 
  342.         public function ck_cancel($str){ 
  343.                 return (!is_numeric($str))? $str:""
  344.         } 
  345.         // 无条件注销 
  346.         public function ck_delete(){ 
  347.                 return null; 
  348.         } 
  349.         // js错误提示 
  350.         private function jsError() 
  351.         { 
  352.                 if(emptyempty($this->error))return false; 
  353.                 return  " 
  354.                 <script  language=javascript> rn var error = new Array(".trim($this->error,',')."); 
  355.                         rn for (i=0; i < error.length; i++){ 
  356.                         rn document.getElementById(error[0]).innerHTML=error[1]; 
  357.                          }rn </script> 
  358.                 "; 
  359.         } 
  360.  
  361. // 演示: 
  362. $form[1] =array
  363. 'text'=>array('title','','产品名称','size=40','产品名称不可缺少!','Y','cn,1-30'), 
  364. 'text1'=>array('categories','','产品名称','','','Y_base64'), 
  365. 'select'=>array('superiors','||1|2|Y_3','产品类别|选择|1|2|3','','必选项','Y'), 
  366. 'radio'=>array('superiors1','|1|Y_2|3','产品xun|产品1|产品2|产品3','','必选项','Y'), 
  367. 'checkbox'=>array('superiors2',array(1=>'11',2=>'22',3=>'33'),'','','必选项','Y'), 
  368. 'file'=>array('ddd','','文件'), 
  369. ); 
  370. $form =array ( 
  371.   'login' =>  
  372.   array ( 
  373.     'text' =>  
  374.     array ( 
  375.       0 => 'user'
  376.       1 => ''
  377.       2 => '用户名'
  378.       3 => 'size=20'
  379.       4 => '!'
  380.       5 => 'Y'
  381.       6 => 'numen,6-12'
  382.     ), 
  383.     'password' =>  
  384.     array ( 
  385.       0 => 'pass'
  386.       1 => ''
  387.       2 => '密 码'
  388.       3 => 'size=22'
  389.       4 => '密码格式错误!'
  390.       5 => 'Y_md5'
  391.       6 => 'numen,6-12'
  392.     ), 
  393.     'radio' =>  
  394.     array ( 
  395.       0 => 'time'
  396.       1 => '|7200|3600|1800'
  397.       2 => 'cookies有效时间|2小时|1小时|30分钟'
  398.       3 => ''
  399.       4 => ''
  400.       5 => 'N_delete'
  401.       6 => ''
  402.     ), 
  403.   ), 
  404.   ); 
  405.  
  406. // 表单提交效验 
  407. $past = $_form->postForm($form['login']); 
  408. $dd = array('title'=>'标题','categories'=>'类别'); 
  409. // $dd 为已有的信息(如更新时的信息输出) POST数据位内部处理具有优先权//开源代码Vevb.com 
  410. if(!emptyempty($past)) 
  411.         echo "<pre>"
  412.         print_r($past); 
  413.         echo"</pre>"
  414. echo '<form method="POST" NAME="PostTopic" action="" enctype="multipart/form-data" style="margin:0px;">'
  415. echo $_form->formHtml($form['login'],$dd); 
  416. echo '<input type="submit" value="Y" name="B1"></form>'

发表评论 共有条评论
用户名: 密码:
验证码: 匿名发表