
How to filter illegal and special strings in PHP

PHP中文网
Published: 2022-05-23 15:24:59

In a message board, user input sometimes has to be filtered: certain illegal or special strings are detected and replaced with *. This article shares the implementation code for such a filter; hopefully it is useful.


Requirement: when a user enters illegal strings on the comment page, they must be replaced with *.

Simple implementation:

1. index.php


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<title>过滤留言板中的非法字符</title>
<style type="text/css">
<!--
body {
    margin-left: 0px;
    margin-top: 0px;
    margin-right: 0px;
    margin-bottom: 0px;
}
-->
</style></head>
<body>
<table width="1002" height="585" border="0" align="center" cellpadding="0" cellspacing="0">
  <tr>
    <td width="379" height="226"> </td>
    <td width="445"> </td>
    <td width="178"> </td>
  </tr>
     <form id="form1" name="form1" method="post" action="index_ok.php">
  <tr>
    <td height="260"> </td>
    <td align="center" valign="top"><table width="430" border="1" cellpadding="1" cellspacing="1" bordercolor="#FFFFFF" bgcolor="#99CC67">
      <tr>
        <td width="81" height="30" align="right" bgcolor="#FFFFFF">发布主题:</td>
        <td width="307" align="left" bgcolor="#FFFFFF"><input name="title" type="text" id="title" size="30" /></td>
      </tr>
      <tr>
        <td align="right" bgcolor="#FFFFFF">发布内容:</td>
        <td align="left" bgcolor="#FFFFFF"><textarea name="content" cols="43" rows="13" id="content"></textarea></td>
      </tr>
    </table></td>
    <td> </td>
  </tr>
  <tr>
    <td height="99"> </td>
    <td align="center" valign="top"><table width="315" height="37" border="0" cellpadding="0" cellspacing="0">
      <tr>
        <td width="169" align="center"><input type="image" name="imageField" src="images/bg1.JPG" /></td>
        <td width="146" align="center"><input type="image" name="imageField2" src="images/bg3.JPG" onclick="form.reset();return false;" /></td>
      </tr>
    </table></td>
    <td> </td>
  </tr>
      </form>
</table>
</body>
</html>


2. index_ok.php


<?php
// Read the two form fields (array keys must be quoted strings)
$title   = $_POST['title'] ?? '';
$content = $_POST['content'] ?? '';
$str = "****";
// Replace each banned word with the mask
$titles   = preg_replace("/(黑客)|(抓包)|(监听)/", $str, $title);
$contents = preg_replace("/(黑客)|(抓包)|(监听)/", $str, $content);
// Word replacement does nothing against HTML typed into the comment, so the
// values are HTML-escaped (page charset is gb2312) where they are echoed below.
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<title>过滤留言板中的非法字符</title>
<style type="text/css">
<!--
body {
    margin-left: 0px;
    margin-top: 0px;
    margin-right: 0px;
    margin-bottom: 0px;
}
.STYLE1 {
    font-size: 12px;
    color: #855201;
}
-->
</style></head>
<body>
<table width="1002" height="585" border="0" align="center" cellpadding="0" cellspacing="0">
  <tr>
    <td width="400" height="226"> </td>
    <td width="406"> </td>
    <td width="196"> </td>
  </tr>
     <form id="form1" name="form1" method="post" action="index_ok.php">
  <tr>
    <td height="260"> </td>
    <td align="left" valign="top"><p class="STYLE1">发布主题:<?php echo htmlspecialchars($titles, ENT_QUOTES, 'GB2312'); ?></p>
      <p class="STYLE1">发布内容:<?php echo htmlspecialchars($contents, ENT_QUOTES, 'GB2312'); ?></p></td>
    <td> </td>
  </tr>
  <tr>
    <td> </td>
    <td align="center" valign="top"> </td>
    <td> </td>
  </tr>
  </form>
</table>
</body>
</html>


Result: [screenshot 1.png]
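The filter in index_ok.php does its job with a single preg_replace(), but two things are worth adding before it goes near real input: the banned words should be passed through preg_quote(), because a word containing regex metacharacters would otherwise change the pattern, and the result must be HTML-escaped on output, because replacing words does nothing against markup typed into the comment. The following is an added example written for this edit, not code from the original article. It assumes PHP 7.4+ with the mbstring extension and UTF-8 input (the article's files are gb2312); the function names, the word list and the sample text are constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Added example, not from the original article. Assumes PHP 7.4+, mbstring,
// UTF-8 input. Word list and sample text below are constructed.

/**
 * Replace every occurrence of a banned word with a run of '*' of the same
 * length. The article uses a fixed "****"; keeping the length lets readers
 * see that something was masked without revealing what.
 */
function maskBannedWords(string $text, array $bannedWords): string
{
    if ($bannedWords === []) {
        return $text;
    }
    // preg_quote() makes each word a literal, so '+' or '.' in a word
    // cannot turn into a quantifier or wildcard.
    $escaped = array_map(
        static fn (string $w): string => preg_quote($w, '/'),
        $bannedWords
    );
    // One alternation, case-insensitive, UTF-8 aware ('u' counts code points).
    $pattern = '/' . implode('|', $escaped) . '/iu';

    // preg_replace_callback() returns null only on a regex engine error.
    return preg_replace_callback(
        $pattern,
        static fn (array $m): string => str_repeat('*', mb_strlen($m[0], 'UTF-8')),
        $text
    ) ?? '';
}

/**
 * Escape a string for insertion into an HTML text node or attribute.
 * This step, not word masking, is what keeps a comment from becoming markup.
 */
function escapeHtml(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** The full pipeline used when rendering a submitted comment. */
function renderComment(string $title, string $content, array $bannedWords): string
{
    $safeTitle   = escapeHtml(maskBannedWords($title, $bannedWords));
    $safeContent = escapeHtml(maskBannedWords($content, $bannedWords));

    return "<p>发布主题:{$safeTitle}</p>\n<p>发布内容:{$safeContent}</p>";
}

// Constructed sample: the article's three keywords plus an entry containing
// a regex metacharacter, and a comment body that carries an event handler.
$banned = ['黑客', '抓包', '监听', 'a+b'];

$sampleTitle   = '关于黑客与抓包的讨论';
$sampleContent = '今天学习了监听技术, 顺便算了 a+b。<b onclick="run()">粗体</b>';

echo renderComment($sampleTitle, $sampleContent, $banned), PHP_EOL;
```

Masking and escaping are kept as separate functions on purpose: masking is a content policy and will change as the word list grows, while escaping is a fixed property of the output context and has to run last, on every field, regardless of what the policy did.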

Advanced implementation: also filters JS and PHP tags


// Simple filter for JS and PHP tags
function cleanJs($html){
  $html=trim($html);
  // Encode the angle brackets of PHP open/close tags so they render as text
  $html=str_replace(array('<?','?>'),array('&lt;?','?&gt;'),$html);
  $pattern=array(
  "'<script[^>]*?>.*?</script>'si",
  "'<style[^>]*?>.*?</style>'si",
  "'<frame[^>]*?>'si",
  "'<iframe[^>]*?>.*?</iframe>'si",
  "'<link[^>]*?>'si"
  );
  $replace=array("","","","","");
  return  preg_replace($pattern,$replace,$html);
}
/* Remove JS/CSS/IFRAME/FRAME: filters JS/CSS/IFRAME/FRAME/XSS-style malicious code
 * (described by the author as safe to use)
 * Return string
 */
function cleanJsCss($html){
  $html=trim($html);
  // Strip NUL bytes, literal "\0" sequences and whitespace hidden inside entities
  $html=preg_replace('/\0+/', '', $html);
  $html=preg_replace('/(\\\\0)+/', '', $html);
  $html=preg_replace('#(&\#*\w+)[\x00-\x20]+;#u',"\\1;",$html);
  $html=preg_replace('#(&\#x*)([0-9A-F]+);*#iu',"\\1\\2;",$html);
  // Turn %uXXXX and %XX escapes into HTML numeric entities
  $html=preg_replace("/%u0([a-z0-9]{3})/i", "&#x\\1;", $html);
  $html=preg_replace("/%([a-z0-9]{2})/i", "&#x\\1;", $html);
  // Encode PHP open/close tags
  $html=str_replace(array('<?','?>'),array('&lt;?','?&gt;'),$html);
  $html=preg_replace('#\t+#',' ',$html);
  // Collapse keywords spaced out to dodge the filter (e.g. "j a v a s c r i p t") back to the plain word
  $scripts=array('javascript','vbscript','script','applet','alert','document','write','cookie','window');
  foreach($scripts as $script){
      $temp_str="";
      for($i=0;$i<strlen($script);$i++){
          $temp_str.=substr($script,$i,1)."\s*";
      }
      $temp_str=substr($temp_str,0,-3);
      $html=preg_replace('#'.$temp_str.'#s',$script,$html);
      $html=preg_replace('#'.ucfirst($temp_str).'#s',ucfirst($script),$html);
  }
  // Remove links and images whose attributes carry script
  $html=preg_replace("#<a.+?href=.*?(alert\(|alert&\#40;|javascript\:|window\.|document\.|\.cookie|<script|<xss).*?\>.*?</a>#si", "", $html);
  $html=preg_replace("#<img.+?src=.*?(alert\(|alert&\#40;|javascript\:|window\.|document\.|\.cookie|<script|<xss).*?\>#si", "", $html);
  // Encode script tags and drop inline event-handler attributes
  $html=preg_replace("#<(script|xss).*?\>#si", "&lt;\\1&gt;", $html);
  $html=preg_replace('#(<[^>]*?)(onblur|onchange|onclick|onfocus|onload|onmouseover|onmouseup|onmousedown|onselect|onsubmit|onunload|onkeypress|onkeydown|onkeyup|onresize)[^>]*>#is',"\\1>",$html);
  // Encode the angle brackets of tags that can embed code or alter the page
  //$html=preg_replace('#<(/*\s*)(alert|applet|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|layer|link|meta|object|plaintext|style|script|textarea|title|xml|xss)([^>]*)>#is', "&lt;\\1\\2\\3&gt;", $html);
  $html=preg_replace('#<(/*\s*)(alert|applet|basefont|base|behavior|bgsound|blink|body|expression|form|frameset|frame|head|html|ilayer|iframe|input|layer|link|meta|object|plaintext|style|script|textarea|title|xml|xss)([^>]*)>#is', "&lt;\\1\\2\\3&gt;", $html);
  // Encode the parentheses of calls to dangerous functions
  $html=preg_replace('#(alert|cmd|passthru|eval|exec|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)#si', "\\1\\2&#40;\\3&#41;", $html);
  $bad=array(
  'document.cookie'   => '',
  'document.write'    => '',
  'window.location'   => '',
  "javascript\s*:"    => '',
  "Redirect\s+302"    => '',
  '<!--'               => '&lt;!--',
  '-->'                => '--&gt;'
  );
  foreach ($bad as $key=>$val){
      $html=preg_replace("#".$key."#i",$val,$html);
  }
  return  $html;
}
// Filter HTML tags and sensitive strings
function cleanHtml($html){
  return cleanYellow(htmlspecialchars($html));
}
// Strip attributes from some HTML tags; drop anchors, forms and inputs
function cleanFilter($html){
  $html=trim($html);
  $html=preg_replace("/<p[^>]*?>/is","<p>",$html);
  $html=preg_replace("/<div[^>]*?>/is","<div>",$html);
  $html=preg_replace("/<ul[^>]*?>/is","<ul>",$html);
  $html=preg_replace("/<li[^>]*?>/is","<li>",$html);
  $html=preg_replace("/<span[^>]*?>/is","<span>",$html);
  // Keep the link text, drop the <a> element (non-greedy so several links are handled separately)
  $html=preg_replace("/<a[^>]*?>(.*?)<\/a>/is","\${1}",$html);
  $html=preg_replace("/<table[^>]*?>/is","<table>",$html);
  $html=preg_replace("/<tr[^>]*?>/is","<tr>",$html);
  $html=preg_replace("/<td[^>]*?>/is","<td>",$html);
  $html=preg_replace("/<ol[^>]*?>/is","<ol>",$html);
  $html=preg_replace("/<form[^>]*?>/is","",$html);
  $html=preg_replace("/<input[^>]*?>/is","",$html);
  return $html;
}
// Replace illegal/sensitive strings with numbered masks
function cleanYellow($txt){
  $txt=str_replace(
  array("黄色","性爱","做爱","我日","我草","我靠","尻","共产党","胡锦涛","毛泽东",
  "政府","中央","研究生考试","性生活","色情","情色","我考","麻痹","妈的","阴道",
  "淫","奸","阴部","爱液","阴液","臀","色诱","煞笔","傻比","阴茎","法轮功","性交","阴毛","江泽民"),
  array("*1*","*2*","*3*","*4*","*5*","*6*","*7*","*8*","*9*","*10*",
  "*11*","*12*","*13*","*14*","*15*","*16*","*17*","*18*","*19*","*20*",
  "*21*","*22*","*23*","*24*","*25*","*26*","*27*","*28*","*29*","*30*","*31*","*32*","*33*","*34*"),
  $txt);
  return $txt;
}
// Filter sensitive strings and malicious code
function cleanAll($html){
  return cleanYellow(cleanJsCss($html));
}
// Full-width to half-width character replacement
// (the keys are the full-width forms, U+FF10.. for digits and U+FF21../U+FF41.. for letters;
// later duplicate keys override earlier ones, as PHP array literals do)
function setFilter($html){
      $arr=array('０' => '0', '１' => '1', '２' => '2', '３' => '3', '４' => '4',
               '５' => '5', '６' => '6', '７' => '7', '８' => '8', '９' => '9',
               'Ａ' => 'A', 'Ｂ' => 'B', 'Ｃ' => 'C', 'Ｄ' => 'D', 'Ｅ' => 'E',
               'Ｆ' => 'F', 'Ｇ' => 'G', 'Ｈ' => 'H', 'Ｉ' => 'I', 'Ｊ' => 'J',
               'Ｋ' => 'K', 'Ｌ' => 'L', 'Ｍ' => 'M', 'Ｎ' => 'N', 'Ｏ' => 'O',
               'Ｐ' => 'P', 'Ｑ' => 'Q', 'Ｒ' => 'R', 'Ｓ' => 'S', 'Ｔ' => 'T',
               'Ｕ' => 'U', 'Ｖ' => 'V', 'Ｗ' => 'W', 'Ｘ' => 'X', 'Ｙ' => 'Y',
               'Ｚ' => 'Z', 'ａ' => 'a', 'ｂ' => 'b', 'ｃ' => 'c', 'ｄ' => 'd',
               'ｅ' => 'e', 'ｆ' => 'f', 'ｇ' => 'g', 'ｈ' => 'h', 'ｉ' => 'i',
               'ｊ' => 'j', 'ｋ' => 'k', 'ｌ' => 'l', 'ｍ' => 'm', 'ｎ' => 'n',
               'ｏ' => 'o', 'ｐ' => 'p', 'ｑ' => 'q', 'ｒ' => 'r', 'ｓ' => 's',
               'ｔ' => 't', 'ｕ' => 'u', 'ｖ' => 'v', 'ｗ' => 'w', 'ｘ' => 'x',
               'ｙ' => 'y', 'ｚ' => 'z',
               '（' => '(', '）' => ')', '〔' => '[', '〕' => ']', '【' => '[',
               '】' => ']', '〖' => '[', '〗' => ']', '“' => '[', '”' => ']',
               '‘' => '[', '’' => ']', '｛' => '{', '｝' => '}', '《' => '<',
               '》' => '>',
               '％' => '%', '＋' => '+', '—' => '-', '－' => '-', '～' => '-',
               '：' => ':', '。' => '.', '、' => ',', '，' => '.', '、' => '.',
               '；' => ',', '？' => '?', '！' => '!', '…' => '-', '‖' => '|',
               '”' => '"', '’' => '`', '‘' => '`', '｜' => '|', '〃' => '"',
               '　' => ' ');
      return  strtr($html,$arr);
}
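cleanJsCss() and cleanFilter() above are deny-lists: they enumerate tags, attributes and function names known to be dangerous, and whatever the list does not name passes through untouched, while setFilter() maps full-width characters one hand-written entry at a time. The added example below, written for this edit and not taken from the article or from iteye, shows the allow-list approach a reviewer would suggest instead: it folds the whole full-width ASCII block to half-width arithmetically (U+FF01..U+FF5E sit exactly 0xFEE0 above U+0021..U+007E, plus the ideographic space U+3000), keeps only a small set of harmless tags with every attribute removed, and HTML-escapes everything else. It assumes PHP 7.4+ with the mbstring extension and UTF-8 input; the allowed-tag list, the function names and the sample comment are choices made for the example.

```php
<?php
declare(strict_types=1);

// Added example, not from the original article or from iteye.
// Assumes PHP 7.4+, mbstring, UTF-8 input. Tag list and sample are constructed.

/**
 * Fold full-width ASCII (U+FF01..U+FF5E) to half-width (U+0021..U+007E) and the
 * ideographic space (U+3000) to a normal space. One subtraction covers every
 * entry of a setFilter()-style table, and characters added to Unicode later
 * need no new table rows.
 */
function fullWidthToHalfWidth(string $text): string
{
    return preg_replace_callback(
        '/[\x{FF01}-\x{FF5E}\x{3000}]/u',
        static function (array $m): string {
            $cp = mb_ord($m[0], 'UTF-8');
            return $cp === 0x3000 ? ' ' : mb_chr($cp - 0xFEE0, 'UTF-8');
        },
        $text
    ) ?? '';   // null only on a regex engine error
}

/**
 * Allow-list sanitiser for a comment body.
 *
 * Only the tags in $allowedTags survive, and they survive bare: every attribute
 * (class, style, href, on*) is dropped, so there is nowhere for script to sit.
 * Everything else, unknown tags included, is escaped and renders as text.
 */
function sanitizeComment(string $html, array $allowedTags = ['p', 'b', 'i', 'ul', 'li', 'br']): string
{
    // Normalise first: a full-width ＜script＞ must become <script> before the
    // tag rules run, otherwise it would be folded into a real tag afterwards.
    $text = fullWidthToHalfWidth(trim($html));

    // NUL bytes are never legitimate in a comment; drop them outright.
    $text = str_replace("\0", '', $text);

    $alternation = implode('|', array_map(
        static fn (string $t): string => preg_quote($t, '#'),
        $allowedTags
    ));

    // Step 1: rewrite each allowed tag to its bare, lower-case form, discarding
    // all attributes. Tags that are not allowed are left for step 2 to escape.
    $text = preg_replace_callback(
        '#<(/?)(' . $alternation . ')\b[^>]*>#i',
        static fn (array $m): string => '<' . $m[1] . strtolower($m[2]) . '>',
        $text
    ) ?? '';

    // Step 2: escape everything. The bare allowed tags become &lt;p&gt; etc.
    $escaped = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');

    // Step 3: restore only the bare allowed tags produced in step 1. A literal
    // "&lt;b&gt;" typed by the user was double-encoded in step 2 and cannot match.
    return preg_replace(
        '#&lt;(/?)(' . $alternation . ')&gt;#',
        '<$1$2>',
        $escaped
    ) ?? '';
}

// Constructed sample: allowed markup carrying an event handler, upper-case
// tags, full-width characters and a disallowed <script> element.
$sample = '<p class="x" onclick="run()">你好 <B>粗体</B> ＡＢＣ１２３　<script>run()</script></p>';

echo sanitizeComment($sample), PHP_EOL;
```

Running it shows the property the deny-list cannot offer: the class and onclick attributes are gone, the upper-case tags come back as bare lower-case ones, the full-width letters and digits are folded to ASCII, and the script element is printed as escaped text rather than removed or rewritten. Normalisation deliberately runs before any tag logic, which is the same reason the article's setFilter() table maps 《 and 》 to angle brackets. Tag balancing is not enforced here; an unclosed <b> is left to the browser or a later pass, which affects layout but not script execution.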

Source: iteye.com