PHP 安全检测代码片段(分享)
前端之家收集整理的这篇文章主要介绍了
PHP 安全检测代码片段(分享),
前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
<div class="codetitle"><a style="CURSOR: pointer" data="89719" class="copybut" id="copybut89719" onclick="doCopy('code89719')"> 代码如下:
<div class="codebody" id="code89719">
/
html转换输出(只转义' " 保留Html正常运行)
@param $param
@return string
/
function htmlEscape($param) {
return trim(htmlspecialchars($param,ENT_QUOTES));
} / 是否数组(同时检测数组中是否存在值)
@param $params
@return boolean
/
function isArray($params) {
return (!is_array($params) || !count($params)) ? false : true;
} /
变量是否在数组中存在(参数容错, 字符串是否存在于数组中)
@param $param
@param $params
@return boolean
*/
function inArray($param,$params) {
return (!in_array((string)$param,(array)$params)) ? false : true;
}/
通用多类型混合转义函数
@param $var
@param $strip
@param $isArray
@return mixture
/
function sqlEscape($var,$strip = true,$isArray = false) {
if (is_array($var)) {
if (!$isArray) return " '' ";
foreach ($var as $key => $value) {
$var[$key] = trim(S::sqlEscape($value,$strip));
}
return $var;
} elseif (is_numeric($var)) {
return " '" . $var . "' ";
} else {
return " '" . addslashes($strip ? stripslashes($var) : $var) . "' ";
}
} /
获取服务器变量
@param $keys
@return string
/
function getServer($keys) {
$server = array();
$array = (array) $keys;
foreach ($array as $key) {
$server[$key] = NULL;
if (isset($_SERVER[$key])) {
$server[$key] = str_replace(array('<','>','"',"'",'%3C','%3E','%22','%27','%3c','%3e'),'',$_SERVER[$key]);
}
}
return is_array($keys) ? $server : $server[$keys];
} /*
变量转义
@param $array
/
function slashes(&$array) {
if (is_array($array)) {
foreach ($array as $key => $value) {
if (is_array($value)) {
S::slashes($array[$key]);
} else {
$array[$key] = addslashes($value);
}
}
}
} / 目录转换
@param unknown_type $dir
@return string
/
function escapeDir($dir) {
$dir = str_replace(array("'",'#','=','`','$','%','&',';'),$dir);
return rtrim(preg_replace('/(\/){2,}|(\){1,}/','/',$dir),'/');
}
/
通用多类型转换
@param $mixed
@param $isint
@param $istrim
@return mixture
/
function escapeChar($mixed,$isint = false,$istrim = false) {
if (is_array($mixed)) {
foreach ($mixed as $key => $value) {
$mixed[$key] = S::escapeChar($value,$isint,$istrim);
}
} elseif ($isint) {
$mixed = (int) $mixed;
} elseif (!is_numeric($mixed) && ($istrim ? $mixed = trim($mixed) : $mixed) && $mixed) {
$mixed = S::escapeStr($mixed);
}
return $mixed;
}
/ 字符转换
@param $string
@return string
/
function escapeStr($string) {
$string = str_replace(array("\0","%00","\r"),$string); //modified@2010-7-5
$string = preg_replace(array('/[\x00-\x08\x0B\x0C\x0E-\x1F]/','/&(?!(#[0-9]+|[a-z]+);)/is'),array('','&'),$string);
$string = str_replace(array("%3C",'<'),'<',$string);
$string = str_replace(array("%3E",'>'),$string);
$string = str_replace(array('"',"\t",' '),array('"',''',' ',''),$string);
return $string;
}
/*
变量检查
@param $var
/
function checkVar(&$var) {
if (is_array($var)) {
foreach ($var as $key => $value) {
S::checkVar($var[$key]);
}
} elseif (P_W != 'admincp') {
$var = str_replace(array('..',')','='),array('..',')','='),$var);
} elseif (str
replace(array('<iframe','<@R404_338@','<script'),$var) != $var) {
global $basename;
$basename = 'javascript:history.go(-1);';
adminmsg('word_error');
}
}
