Backend Development
PHP Tutorial
Detailed graphic explanation of php parameters and data filtering
Detailed graphic explanation of php parameters and data filtering
本篇文章主要介绍php 参数和数据过滤图文详解,感兴趣的朋友参考下,希望对大家有所帮助。
`下面通过一段代码给大家介绍php参数过滤
class mysafe{
public $logname;
public $isshwomsg;
function __construct(){
set_error_handler('MyError',E_ALL);
//-----
}
function MyError($errno, $errstr, $errfile, $errline){
echo "<b>Error number:</b> [$errno],error on line $errline in $errfile<br />";
exit;
}
function wlog($logs){
if(empty($logname)){
$this->logname=$_SERVER["DOCUMENT_ROOT"]."/log.htm";
}
$Ts=fopen($this->logname,"a+");
fputs($Ts,$logs."\r\n");
fclose($Ts);
}
function showmsg($msg='',$flag=false){
$this->isshwomsg=empty($this->isshwomsg) ? false : true;
if ($this->isshwomsg) {
echo '<br />--------------------------------------<br />';
echo $msg;
echo '<br />--------------------------------------<br />';
if ($flag) exit;
}
}
function get_filter(){
$getfilter="'|(and|or)\\b.+?(>|<|=|in|like)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
foreach($_GET as $key=>$value){
$this->StopAttack($key,$value,$getfilter);
}
}
function post_filter(){
$postfilter="\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
foreach($_POST as $key=>$value){
$this->StopAttack($key,$value,$postfilter);
}
}
function cookie_filter(){
$cookiefilter="\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
foreach($_COOKIE as $key=>$value){
$this->StopAttack($key,$value,$cookiefilter);
}
}
//过滤参数
function StopAttack($StrFiltKey,$StrFiltValue,$ArrFiltReq){
if(is_array($StrFiltValue)){
$StrFiltValue=implode($StrFiltValue);
}
if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue)==1){
$msg="<br><br>操作IP: ".$_SERVER["REMOTE_ADDR"]."<br>操作时间: ".strftime("%Y-%m-%d %H:%M:%S")."<br>操作页面:".$_SERVER["PHP_SELF"]."<br>提交方式: ".$_SERVER["REQUEST_METHOD"]."<br>提交参数: ".$StrFiltKey."<br>提交数据: ".$StrFiltValue;
$this->wlog($msg);
$this->showmsg($msg);
exit();
}
}
function filter_value_for_sql($str){
$str = str_replace("and","",$str);
$str = str_replace("execute","",$str);
$str = str_replace("update","",$str);
$str = str_replace("count","",$str);
$str = str_replace("chr","",$str);
$str = str_replace("mid","",$str);
$str = str_replace("master","",$str);
$str = str_replace("truncate","",$str);
$str = str_replace("char","",$str);
$str = str_replace("declare","",$str);
$str = str_replace("select","",$str);
$str = str_replace("create","",$str);
$str = str_replace("delete","",$str);
$str = str_replace("insert","",$str);
$str = str_replace("'","",$str);
$str = str_replace('"',"",$str);
$str = str_replace(" ","",$str);
$str = str_replace("or","",$str);
$str = str_replace("=","",$str);
$str = str_replace(" ","",$str);
return $str;
}
//class end
}下面给大家介绍下PHP数据过滤
1、php提交数据过滤的基本原则
1)提交变量进数据库时,我们必须使用addslashes()进行过滤,像我们的注入问题,一个addslashes()也就搞定了。其实在涉及到变量取值时,intval()函数对字符串的过滤也是个不错的选择。
2)在php.ini中开启magic_quotes_gpc和magic_quotes_runtime。magic_quotes_gpc可以把get,post,cookie里的引号变为斜杠。magic_quotes_runtime对于进出数据库的数据可以起到格式话的作用。其实,早在以前注入很疯狂时,这个参数就很流行了。
3)在使用系统函数时,必须使用escapeshellarg(),escapeshellcmd()参数去过滤,这样你也就可以放心的使用系统函数。
4)对于跨站,strip_tags(),htmlspecialchars()两个参数都不错,对于用户提交的的带有html和php的标记都将进行转换。比如尖括号"<"就将转化为 "<"这样无害的字符。
$new = htmlspecialchars("Test", ENT_QUOTES);
strip_tags($text,);
5)对于相关函数的过滤,就像先前的include(),unlink,fopen()等等,只要你把你所要执行操作的变量指定好或者对相关字符过滤严密,我想这样也就无懈可击了。
2、PHP简单的数据过滤
1)入库: trim($str),addslashes($str)
2)出库: stripslashes($str)
3)显示: htmlspecialchars(nl2br($str))
总结:以上就是本篇文的全部内容,希望能对大家的学习有所帮助。
相关推荐:
The above is the detailed content of Detailed graphic explanation of php parameters and data filtering. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
PHP data filtering: Handling unsafe file paths
Jul 30, 2023 pm 06:53 PM
PHP Data Filtering: Handling Unsafe File Paths When writing web applications, we often need to handle user-supplied file paths. However, if we do not handle these paths carefully, it can lead to security vulnerabilities. This article will introduce how to effectively handle unsafe file paths to ensure the security of the system. 1. What is an unsafe file path? An unsafe file path is a user-entered file path that may contain malicious code or lead to remote code execution vulnerabilities. These file paths may be used to read, write, or
PHP data filtering: How to filter user-entered control characters
Jul 29, 2023 am 11:12 AM
PHP data filtering: How to filter control characters entered by users. Control characters are some unprintable characters in ASCII code. They are usually used to control the display and format of text. However, in web development, user-entered control characters can be misused, leading to security vulnerabilities and application errors. Therefore, it is very important to perform data filtering on user input. In PHP, using built-in functions and regular expressions can effectively filter out user-entered control characters. Here are some commonly used methods and code examples: Using fil
PHP data filtering: effectively handle user-input images and multimedia files
Jul 28, 2023 pm 04:53 PM
PHP data filtering: effectively handles images and multimedia files input by users. In modern network applications, users uploading images and multimedia files has become a common operation. However, ensuring the security of uploaded files and effectively filtering and validating user input are tasks that every developer should pay attention to. This article will introduce some PHP data filtering techniques and provide some code examples to help developers better process images and multimedia files uploaded by users. First, we need to make sure that the file uploaded by the user is indeed an image or
PHP Data Filtering: The Importance of Server-Side Data Filtering
Jul 28, 2023 pm 02:49 PM
PHP data filtering: The importance of server-side data filtering In modern Internet applications, data security and integrity are crucial. Since users can submit data through the front-end page, data filtering is required on the server side to ensure data accuracy and security. This article will introduce the importance of PHP data filtering and provide some code examples to demonstrate how to perform server-side data filtering. The importance of data filtering Data filtering refers to verifying and cleaning data entered by users to prevent illegal data or malicious code from entering the server
PHP Data Filtering: How to Prevent Data Tampering and Corruption
Jul 28, 2023 pm 06:21 PM
PHP data filtering: How to prevent data tampering and damage Introduction: In PHP development, data filtering is an important security measure. By filtering user input and output data, you can effectively prevent data from being tampered with and damaged, and protect the security of the website. This article will discuss how to use PHP for data filtering and provide some code examples. 1. Input filtering The data entered by users, especially the data submitted from forms, must be filtered to prevent malicious attacks and bad behaviors. Here are some common input filtering methods: use
PHP Data Filtering: Using Regular Expressions for Data Validation
Jul 30, 2023 pm 03:17 PM
PHP Data Filtering: Using Regular Expressions for Data Validation With the rapid development of the Internet, data input and processing are becoming more and more important. When developing a website or application, it is often necessary to validate and filter user-entered data to ensure data accuracy and security. As a popular server-side scripting language, PHP provides a variety of options for data filtering, among which using regular expressions is a very powerful and flexible way. A regular expression is a pattern used to match and manipulate strings. it uses a series of words
PHP data filtering: efficiently handle special characters in databases
Aug 01, 2023 am 09:33 AM
PHP data filtering: effectively handle special characters in the database. When processing database operations, we often encounter some special characters or strings. These characters or strings may cause SQL statement execution to fail or the database to be injected into the attack. In order to ensure the security and reliability of data, we need to filter and process these special characters. In PHP, we can use some built-in functions or custom functions to handle these special characters. Next, I'll introduce some commonly used methods and code examples. addslas
PHP data filtering: preventing session hijacking and fraud
Aug 01, 2023 pm 08:57 PM
PHP Data Filtering: Preventing Session Hijacking and Fraud Overview: With the rapid development of the Internet, network security issues have become increasingly prominent. Among them, session hijacking and fraud are one of the more common problems. This article explains how to use PHP data filtering to prevent session hijacking and fraud. Potential risks can be effectively reduced through reasonable data input filtering and security verification. Session hijacking: Session hijacking means that the attacker obtains the user's session information through some means, and then impersonates the user's identity to perform various malicious operations. In order to prevent session hijacking, the following
