Heim > Backend-Entwicklung > PHP-Tutorial > php 过滤非法与特殊字符串的方法

php 过滤非法与特殊字符串的方法

PHP中文网
Freigeben: 2022-05-23 15:24:59
nach vorne
3779 Leute haben es durchsucht

在留言板中,有时需要对用户输入内容进行过滤,将一些非法与特殊字符串进行过滤处理,将其替换为*。下面本篇文章就来给大家分享一下过滤功能的实现代码,希望对大家有所帮助!

php 过滤非法与特殊字符串的方法

需求:用户在评论页面输入非法字符以后,需要将非法字符替换为*

简单实现方法:

1、index.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">  
<html xmlns="http://www.w3.org/1999/xhtml">  
<head>  
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />  
<title>过滤留言板中的非法字符</title>  
<style type="text/css">  
<!--  
body {  
    margin-left: 0px;  
    margin-top: 0px;  
    margin-right: 0px;  
    margin-bottom: 0px;  
}  
-->  
</style></head>  
<body>  
<table width="1002" height="585" border="0" align="center" cellpadding="0" cellspacing="0">  
  <tr>  
    <td width="379" height="226"> </td>  
    <td width="445"> </td>  
    <td width="178"> </td>  
  </tr>  
     <form id="form1" name="form1" method="post" action="index_ok.php">  
  <tr>  
    <td height="260"> </td>  
    <td align="center" valign="top"><table width="430" border="1" cellpadding="1" cellspacing="1" bordercolor="#FFFFFF" bgcolor="#99CC67">  
      <tr>  
        <td width="81" height="30" align="right" bgcolor="#FFFFFF">发布主题:</td>  
        <td width="307" align="left" bgcolor="#FFFFFF"><input name="title" type="text" id="title" size="30" /></td>  
      </tr>  
      <tr>  
        <td align="right" bgcolor="#FFFFFF">发布内容:</td>  
        <td align="left" bgcolor="#FFFFFF"><textarea name="content" cols="43" rows="13" id="content"></textarea></td>  
      </tr>  
    </table></td>  
    <td> </td>  
  </tr>  
  <tr>  
    <td height="99"> </td>  
    <td align="center" valign="top"><table width="315" height="37" border="0" cellpadding="0" cellspacing="0">  
      <tr>  
        <td width="169" align="center"><input type="image" name="imageField" src="images/bg1.JPG" /></td>  
        <td width="146" align="center"><input type="image" name="imageField2" src="images/bg3.JPG" onclick="form.reset();return false;" /></td>  
      </tr>  
    </table></td>  
    <td> </td>  
  </tr>  
      </form>  
</table>  
</body>  
</html>
Nach dem Login kopieren

2、index_ok.php

<?php   
$title=$_POST[title];  
$content=$_POST[content];  
$str="****";  
$titles = preg_replace("/(黑客)|(抓包)|(监听)/",$str,$title);  
$contents = preg_replace("/(黑客)|(抓包)|(监听)/",$str,$content);  
?>  
<html>  
<head>  
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />  
<title>过滤留言板中的非法字符</title>  
<style type="text/css">  
<!--  
body {  
    margin-left: 0px;  
    margin-top: 0px;  
    margin-right: 0px;  
    margin-bottom: 0px;  
}  
.STYLE1 {  
    font-size: 12px;  
    color: #855201;  
}  
-->  
</style></head>  
<body>  
<table width="1002" height="585" border="0" align="center" cellpadding="0" cellspacing="0">  
  <tr>  
    <td width="400" height="226"> </td>  
    <td width="406"> </td>  
    <td width="196"> </td>  
  </tr>  
     <form id="form1" name="form1" method="post" action="index_ok.php">  
  <tr>  
    <td height="260"> </td>  
    <td align="left" valign="top"><p class="STYLE1">发布主题:<?php echo $titles;?></p>  
      <p class="STYLE1">发布内容:<?php echo $contents;?></p></td>  
    <td> </td>  
  </tr>  
  <tr>  
    <td> </td>  
    <td align="center" valign="top"> </td>  
    <td> </td>  
  </tr>  
  </form>  
</table>  
</body>  
</html>
Nach dem Login kopieren

运行结果

1.png

复杂实现方法:可过滤JS 、PHP标签

  //简单过滤JS 、PHP标签
  function cleanJs($html){
  	$html=trim($html);
  	$html=str_replace(array(&#39;<?&#39;,&#39;?>&#39;),array(&#39;<?&#39;,&#39;?>&#39;),$html);
  	$pattern=array(
    "&#39;<script[^>]*?>.*?</script>&#39;si",
    "&#39;<style[^>]*?>.*?</style>&#39;si",
    "&#39;<frame[^>]*?>&#39;si",
    "&#39;<iframe[^>]*?>.*?</iframe>&#39;si",
    "&#39;<link[^>]*?>&#39;si"
    );
    $replace=array("","","","","");
    return	preg_replace($pattern,$replace,$html);
  }
  /* Remove JS/CSS/IFRAME/FRAME 过滤JS/CSS/IFRAME/FRAME/XSS等恶意攻击代码(可安全使用)
   * Return string
   */
  function cleanJsCss($html){
  	$html=trim($html);
  	$html=preg_replace(&#39;/\0+/&#39;, &#39;&#39;, $html);
	$html=preg_replace(&#39;/(\\\\0)+/&#39;, &#39;&#39;, $html);
	$html=preg_replace(&#39;#(&\#*\w+)[\x00-\x20]+;#u&#39;,"\\1;",$html);
	$html=preg_replace(&#39;#(&\#x*)([0-9A-F]+);*#iu&#39;,"\\1\\2;",$html);
	$html=preg_replace("/%u0([a-z0-9]{3})/i", "&#x\\1;", $html);
	$html=preg_replace("/%([a-z0-9]{2})/i", "&#x\\1;", $html);
  	$html=str_replace(array(&#39;<?&#39;,&#39;?>&#39;),array(&#39;<?&#39;,&#39;?>&#39;),$html);
    $html=preg_replace(&#39;#\t+#&#39;,&#39; &#39;,$html);
	$scripts=array(&#39;javascript&#39;,&#39;vbscript&#39;,&#39;script&#39;,&#39;applet&#39;,&#39;alert&#39;,&#39;document&#39;,&#39;write&#39;,&#39;cookie&#39;,&#39;window&#39;);
	foreach($scripts as $script){
		$temp_str="";
		for($i=0;$i<strlen($script);$i++){
			$temp_str.=substr($script,$i,1)."\s*";
		}
		$temp_str=substr($temp_str,0,-3);
		$html=preg_replace(&#39;#&#39;.$temp_str.&#39;#s&#39;,$script,$html);
		$html=preg_replace(&#39;#&#39;.ucfirst($temp_str).&#39;#s&#39;,ucfirst($script),$html);
	}
	$html=preg_replace("#<a.+?href=.*?(alert\(|alert&\#40;|javascript\:|window\.|document\.|\.cookie|<script|<xss).*?\>.*?</a>#si", "", $html);
	$html=preg_replace("#<img.+?src=.*?(alert\(|alert&\#40;|javascript\:|window\.|document\.|\.cookie|<script|<xss).*?\>#si", "", $html);
	$html=preg_replace("#<(script|xss).*?\>#si", "<\\1>", $html);
	$html=preg_replace(&#39;#(<[^>]*?)(onblur|onchange|onclick|onfocus|onload|onmouseover|onmouseup|onmousedown|onselect|onsubmit|onunload|onkeypress|onkeydown|onkeyup|onresize)[^>]*>#is&#39;,"\\1>",$html);
	//$html=preg_replace(&#39;#<(/*\s*)(alert|applet|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|layer|link|meta|object|plaintext|style|script|textarea|title|xml|xss)([^>]*)>#is&#39;, "<\\1\\2\\3>", $html);
	$html=preg_replace(&#39;#<(/*\s*)(alert|applet|basefont|base|behavior|bgsound|blink|body|expression|form|frameset|frame|head|html|ilayer|iframe|input|layer|link|meta|object|plaintext|style|script|textarea|title|xml|xss)([^>]*)>#is&#39;, "<\\1\\2\\3>", $html);
	$html=preg_replace(&#39;#(alert|cmd|passthru|eval|exec|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)#si&#39;, "\\1\\2(\\3)", $html);
	$bad=array(
	&#39;document.cookie&#39;	=> &#39;&#39;,
	&#39;document.write&#39;	=> &#39;&#39;,
	&#39;window.location&#39;	=> &#39;&#39;,
	"javascript\s*:"	=> &#39;&#39;,
	"Redirect\s+302"	=> &#39;&#39;,
	&#39;<!--&#39;				=> &#39;<!--&#39;,
	&#39;-->&#39;				=> &#39;-->&#39;
	);
	foreach ($bad as $key=>$val){
		$html=preg_replace("#".$key."#i",$val,$html);
	}
    return	$html;
  }
  //过滤html标签以及敏感字符

  function cleanHtml($html){
  	return cleanYellow(htmlspecialchars($html));
  }
  //过滤部分HTML标签

  function cleanFilter($html){
  	$html=trim($html);
  	$html=preg_replace("/<p[^>]*?>/is","<p>",$html);
  	$html=preg_replace("/<div[^>]*?>/is","<div>",$html);
  	$html=preg_replace("/<ul[^>]*?>/is","<ul>",$html);
  	$html=preg_replace("/<li[^>]*?>/is","<li>",$html);
  	$html=preg_replace("/<span[^>]*?/is","<span>",$html);
  	$html=preg_replace("/<a[^>]*?>(.*)?<\/a>/is","\${1}",$html);
  	$html=preg_replace("/<table[^>]*?>/is","<table>",$html);
  	$html=preg_replace("/<tr[^>]*?>/is","<tr>",$html);
  	$html=preg_replace("/<td[^>]*?>/is","<td>",$html);
  	$html=preg_replace("/<ol[^>]*?>/is","<ol>",$html);
  	$html=preg_replace("/<form[^>]*?>/is","",$html);
  	$html=preg_replace("/<input[^>]*?>/is","",$html);
  	return $html;
  }
  //过滤非法的敏感字符串
  function cleanYellow($txt){
  	$txt=str_replace(
  	array("黄色","性爱","做爱","我日","我草","我靠","尻","共产党","胡锦涛","毛泽东",
  	"政府","中央","研究生考试","性生活","色情","情色","我考","麻痹","妈的","阴道",
  	"淫","奸","阴部","爱液","阴液","臀","色诱","煞笔","傻比","阴茎","法轮功","性交","阴毛","江泽民"),
  	array("*1*","*2*","*3*","*4*","*5*","*6*","*7*","*8*","*9*","*10*",
  	"*11*","*12*","*13*","*14*","*15*","*16*","*17*","*18*","*19*","*20*",
  	"*21*","*22*","*23*","*24*","*25*","*26*","*27*","*28*","*29*","*30*","*31*","*32*","*33*","*34*"),
  	$txt);
  	return $txt;
  }
  //过滤敏感字符串以及恶意代码
  function cleanAll($html){
  	return cleanYellow(cleanJsCss($html));
  }
  //全半角字符替换
  function setFilter($html){
  		$arr=array(&#39;0&#39; => &#39;0&#39;, &#39;1&#39; => &#39;1&#39;, &#39;2&#39; => &#39;2&#39;, &#39;3&#39; => &#39;3&#39;, &#39;4&#39; => &#39;4&#39;,
                 &#39;5&#39; => &#39;5&#39;, &#39;6&#39; => &#39;6&#39;, &#39;7&#39; => &#39;7&#39;, &#39;8&#39; => &#39;8&#39;, &#39;9&#39; => &#39;9&#39;,
                 &#39;A&#39; => &#39;A&#39;, &#39;B&#39; => &#39;B&#39;, &#39;C&#39; => &#39;C&#39;, &#39;D&#39; => &#39;D&#39;, &#39;E&#39; => &#39;E&#39;,
                 &#39;F&#39; => &#39;F&#39;, &#39;G&#39; => &#39;G&#39;, &#39;H&#39; => &#39;H&#39;, &#39;I&#39; => &#39;I&#39;, &#39;J&#39; => &#39;J&#39;,
                 &#39;K&#39; => &#39;K&#39;, &#39;L&#39; => &#39;L&#39;, &#39;M&#39; => &#39;M&#39;, &#39;N&#39; => &#39;N&#39;, &#39;O&#39; => &#39;O&#39;,
                 &#39;P&#39; => &#39;P&#39;, &#39;Q&#39; => &#39;Q&#39;, &#39;R&#39; => &#39;R&#39;, &#39;S&#39; => &#39;S&#39;, &#39;T&#39; => &#39;T&#39;,
                 &#39;U&#39; => &#39;U&#39;, &#39;V&#39; => &#39;V&#39;, &#39;W&#39; => &#39;W&#39;, &#39;X&#39; => &#39;X&#39;, &#39;Y&#39; => &#39;Y&#39;,
                 &#39;Z&#39; => &#39;Z&#39;, &#39;a&#39; => &#39;a&#39;, &#39;b&#39; => &#39;b&#39;, &#39;c&#39; => &#39;c&#39;, &#39;d&#39; => &#39;d&#39;,
                 &#39;e&#39; => &#39;e&#39;, &#39;f&#39; => &#39;f&#39;, &#39;g&#39; => &#39;g&#39;, &#39;h&#39; => &#39;h&#39;, &#39;i&#39; => &#39;i&#39;,
                 &#39;j&#39; => &#39;j&#39;, &#39;k&#39; => &#39;k&#39;, &#39;l&#39; => &#39;l&#39;, &#39;m&#39; => &#39;m&#39;, &#39;n&#39; => &#39;n&#39;,
                 &#39;o&#39; => &#39;o&#39;, &#39;p&#39; => &#39;p&#39;, &#39;q&#39; => &#39;q&#39;, &#39;r&#39; => &#39;r&#39;, &#39;s&#39; => &#39;s&#39;,
                 &#39;t&#39; => &#39;t&#39;, &#39;u&#39; => &#39;u&#39;, &#39;v&#39; => &#39;v&#39;, &#39;w&#39; => &#39;w&#39;, &#39;x&#39; => &#39;x&#39;,
                 &#39;y&#39; => &#39;y&#39;, &#39;z&#39; => &#39;z&#39;,
                 &#39;(&#39; => &#39;(&#39;, &#39;)&#39; => &#39;)&#39;, &#39;〔&#39; => &#39;[&#39;, &#39;〕&#39; => &#39;]&#39;, &#39;【&#39; => &#39;[&#39;,
                 &#39;】&#39; => &#39;]&#39;, &#39;〖&#39; => &#39;[&#39;, &#39;〗&#39; => &#39;]&#39;, &#39;“&#39; => &#39;[&#39;, &#39;”&#39; => &#39;]&#39;,
                 &#39;‘&#39; => &#39;[&#39;, &#39;’&#39; => &#39;]&#39;, &#39;{&#39; => &#39;{&#39;, &#39;}&#39; => &#39;}&#39;, &#39;《&#39; => &#39;<&#39;,
                 &#39;》&#39; => &#39;>&#39;,
                 &#39;%&#39; => &#39;%&#39;, &#39;+&#39; => &#39;+&#39;, &#39;—&#39; => &#39;-&#39;, &#39;-&#39; => &#39;-&#39;, &#39;~&#39; => &#39;-&#39;,
                 &#39;:&#39; => &#39;:&#39;, &#39;。&#39; => &#39;.&#39;, &#39;、&#39; => &#39;,&#39;, &#39;,&#39; => &#39;.&#39;, &#39;、&#39; => &#39;.&#39;,
                 &#39;;&#39; => &#39;,&#39;, &#39;?&#39; => &#39;?&#39;, &#39;!&#39; => &#39;!&#39;, &#39;…&#39; => &#39;-&#39;, &#39;‖&#39; => &#39;|&#39;,
                 &#39;”&#39; => &#39;"&#39;, &#39;’&#39; => &#39;`&#39;, &#39;‘&#39; => &#39;`&#39;, &#39;|&#39; => &#39;|&#39;, &#39;〃&#39; => &#39;"&#39;,
                 &#39; &#39; => &#39; &#39;);
    	return	strtr($html,$arr);
  }
Nach dem Login kopieren

推荐学习:《PHP视频教程

Verwandte Etiketten:
Quelle:iteye.com
Erklärung dieser Website
Der Inhalt dieses Artikels wird freiwillig von Internetnutzern beigesteuert und das Urheberrecht liegt beim ursprünglichen Autor. Diese Website übernimmt keine entsprechende rechtliche Verantwortung. Wenn Sie Inhalte finden, bei denen der Verdacht eines Plagiats oder einer Rechtsverletzung besteht, wenden Sie sich bitte an admin@php.cn
Beliebte Tutorials
Mehr>
Neueste Downloads
Mehr>
Web-Effekte
Quellcode der Website
Website-Materialien
Frontend-Vorlage