首页
课程
路径
文章
PHP培训
精品课
下载

技术文章  >  后端开发 > php教程

php 过滤非法与特殊字符串的方法

PHP中文网
PHP中文网 转载
2022-05-23 15:24:59 3280浏览

在留言板中,有时需要对用户输入内容进行过滤,将一些非法与特殊字符串进行过滤处理,将其替换为*。下面本篇文章就来给大家分享一下过滤功能的实现代码,希望对大家有所帮助!

需求:用户在评论页面输入非法字符以后,需要将非法字符替换为*

简单实现方法:

1、index.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">  
<html xmlns="http://www.w3.org/1999/xhtml">  
<head>  
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />  
<title>过滤留言板中的非法字符</title>  
<style type="text/css">  
<!--  
body {  
    margin-left: 0px;  
    margin-top: 0px;  
    margin-right: 0px;  
    margin-bottom: 0px;  
}  
-->  
</style></head>  
<body>  
<table width="1002" height="585" border="0" align="center" cellpadding="0" cellspacing="0">  
  <tr>  
    <td width="379" height="226">&nbsp;</td>  
    <td width="445">&nbsp;</td>  
    <td width="178">&nbsp;</td>  
  </tr>  
     <form id="form1" name="form1" method="post" action="index_ok.php">  
  <tr>  
    <td height="260">&nbsp;</td>  
    <td align="center" valign="top"><table width="430" border="1" cellpadding="1" cellspacing="1" bordercolor="#FFFFFF" bgcolor="#99CC67">  
      <tr>  
        <td width="81" height="30" align="right" bgcolor="#FFFFFF">发布主题:</td>  
        <td width="307" align="left" bgcolor="#FFFFFF"><input name="title" type="text" id="title" size="30" /></td>  
      </tr>  
      <tr>  
        <td align="right" bgcolor="#FFFFFF">发布内容:</td>  
        <td align="left" bgcolor="#FFFFFF"><textarea name="content" cols="43" rows="13" id="content"></textarea></td>  
      </tr>  
    </table></td>  
    <td>&nbsp;</td>  
  </tr>  
  <tr>  
    <td height="99">&nbsp;</td>  
    <td align="center" valign="top"><table width="315" height="37" border="0" cellpadding="0" cellspacing="0">  
      <tr>  
        <td width="169" align="center"><input type="image" name="imageField" src="images/bg1.JPG" /></td>  
        <td width="146" align="center"><input type="image" name="imageField2" src="images/bg3.JPG" onclick="form.reset();return false;" /></td>  
      </tr>  
    </table></td>  
    <td>&nbsp;</td>  
  </tr>  
      </form>  
</table>  
</body>  
</html>

2、index_ok.php

<?php   
$title=$_POST[title];  
$content=$_POST[content];  
$str="****";  
$titles = preg_replace("/(黑客)|(抓包)|(监听)/",$str,$title);  
$contents = preg_replace("/(黑客)|(抓包)|(监听)/",$str,$content);  
?>  
<html>  
<head>  
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />  
<title>过滤留言板中的非法字符</title>  
<style type="text/css">  
<!--  
body {  
    margin-left: 0px;  
    margin-top: 0px;  
    margin-right: 0px;  
    margin-bottom: 0px;  
}  
.STYLE1 {  
    font-size: 12px;  
    color: #855201;  
}  
-->  
</style></head>  
<body>  
<table width="1002" height="585" border="0" align="center" cellpadding="0" cellspacing="0">  
  <tr>  
    <td width="400" height="226">&nbsp;</td>  
    <td width="406">&nbsp;</td>  
    <td width="196">&nbsp;</td>  
  </tr>  
     <form id="form1" name="form1" method="post" action="index_ok.php">  
  <tr>  
    <td height="260">&nbsp;</td>  
    <td align="left" valign="top"><p class="STYLE1">发布主题:<?php echo $titles;?></p>  
      <p class="STYLE1">发布内容:<?php echo $contents;?></p></td>  
    <td>&nbsp;</td>  
  </tr>  
  <tr>  
    <td>&nbsp;</td>  
    <td align="center" valign="top">&nbsp;</td>  
    <td>&nbsp;</td>  
  </tr>  
  </form>  
</table>  
</body>  
</html>

运行结果

1.png

复杂实现方法:可过滤JS 、PHP标签

  //简单过滤JS 、PHP标签
  function cleanJs($html){
  	$html=trim($html);
  	$html=str_replace(array('<?','?>'),array('<?','?>'),$html);
  	$pattern=array(
    "'<script[^>]*?>.*?</script>'si",
    "'<style[^>]*?>.*?</style>'si",
    "'<frame[^>]*?>'si",
    "'<iframe[^>]*?>.*?</iframe>'si",
    "'<link[^>]*?>'si"
    );
    $replace=array("","","","","");
    return	preg_replace($pattern,$replace,$html);
  }
  /* Remove JS/CSS/IFRAME/FRAME 过滤JS/CSS/IFRAME/FRAME/XSS等恶意攻击代码(可安全使用)
   * Return string
   */
  function cleanJsCss($html){
  	$html=trim($html);
  	$html=preg_replace('/\0+/', '', $html);
	$html=preg_replace('/(\\\\0)+/', '', $html);
	$html=preg_replace('#(&\#*\w+)[\x00-\x20]+;#u',"\\1;",$html);
	$html=preg_replace('#(&\#x*)([0-9A-F]+);*#iu',"\\1\\2;",$html);
	$html=preg_replace("/%u0([a-z0-9]{3})/i", "&#x\\1;", $html);
	$html=preg_replace("/%([a-z0-9]{2})/i", "&#x\\1;", $html);
  	$html=str_replace(array('<?','?>'),array('<?','?>'),$html);
    $html=preg_replace('#\t+#',' ',$html);
	$scripts=array('javascript','vbscript','script','applet','alert','document','write','cookie','window');
	foreach($scripts as $script){
		$temp_str="";
		for($i=0;$i<strlen($script);$i++){
			$temp_str.=substr($script,$i,1)."\s*";
		}
		$temp_str=substr($temp_str,0,-3);
		$html=preg_replace('//m.sbmmt.com/m/faq/#'.$temp_str.'#s',$script,$html);
		$html=preg_replace('//m.sbmmt.com/m/faq/#'.ucfirst($temp_str).'#s',ucfirst($script),$html);
	}
	$html=preg_replace("#<a.+?href=.*?(alert\(|alert&\#40;|javascript\:|window\.|document\.|\.cookie|<script|<xss).*?\>.*?</a>#si", "", $html);
	$html=preg_replace("#<img.+?src=.*?(alert\(|alert&\#40;|javascript\:|window\.|document\.|\.cookie|<script|<xss).*?\>#si", "", $html);
	$html=preg_replace("#<(script|xss).*?\>#si", "<\\1>", $html);
	$html=preg_replace('#(<[^>]*?)(onblur|onchange|onclick|onfocus|onload|onmouseover|onmouseup|onmousedown|onselect|onsubmit|onunload|onkeypress|onkeydown|onkeyup|onresize)[^>]*>#is',"\\1>",$html);
	//$html=preg_replace('#<(/*\s*)(alert|applet|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|layer|link|meta|object|plaintext|style|script|textarea|title|xml|xss)([^>]*)>#is', "<\\1\\2\\3>", $html);
	$html=preg_replace('#<(/*\s*)(alert|applet|basefont|base|behavior|bgsound|blink|body|expression|form|frameset|frame|head|html|ilayer|iframe|input|layer|link|meta|object|plaintext|style|script|textarea|title|xml|xss)([^>]*)>#is', "<\\1\\2\\3>", $html);
	$html=preg_replace('#(alert|cmd|passthru|eval|exec|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)#si', "\\1\\2(\\3)", $html);
	$bad=array(
	'document.cookie'	=> '',
	'document.write'	=> '',
	'window.location'	=> '',
	"javascript\s*:"	=> '',
	"Redirect\s+302"	=> '',
	'<!--'				=> '<!--',
	'-->'				=> '-->'
	);
	foreach ($bad as $key=>$val){
		$html=preg_replace("//m.sbmmt.com/m/faq/#".$key."#i",$val,$html);
	}
    return	$html;
  }
  //过滤html标签以及敏感字符

  function cleanHtml($html){
  	return cleanYellow(htmlspecialchars($html));
  }
  //过滤部分HTML标签

  function cleanFilter($html){
  	$html=trim($html);
  	$html=preg_replace("/<p[^>]*?>/is","<p>",$html);
  	$html=preg_replace("/<div[^>]*?>/is","<div>",$html);
  	$html=preg_replace("/<ul[^>]*?>/is","<ul>",$html);
  	$html=preg_replace("/<li[^>]*?>/is","<li>",$html);
  	$html=preg_replace("/<span[^>]*?/is","<span>",$html);
  	$html=preg_replace("/<a[^>]*?>(.*)?<\/a>/is","\${1}",$html);
  	$html=preg_replace("/<table[^>]*?>/is","<table>",$html);
  	$html=preg_replace("/<tr[^>]*?>/is","<tr>",$html);
  	$html=preg_replace("/<td[^>]*?>/is","<td>",$html);
  	$html=preg_replace("/<ol[^>]*?>/is","<ol>",$html);
  	$html=preg_replace("/<form[^>]*?>/is","",$html);
  	$html=preg_replace("/<input[^>]*?>/is","",$html);
  	return $html;
  }
  //过滤非法的敏感字符串
  function cleanYellow($txt){
  	$txt=str_replace(
  	array("黄色","性爱","做爱","我日","我草","我靠","尻","共产党","胡锦涛","毛泽东",
  	"政府","中央","研究生考试","性生活","色情","情色","我考","麻痹","妈的","阴道",
  	"淫","奸","阴部","爱液","阴液","臀","色诱","煞笔","傻比","阴茎","法轮功","性交","阴毛","江泽民"),
  	array("*1*","*2*","*3*","*4*","*5*","*6*","*7*","*8*","*9*","*10*",
  	"*11*","*12*","*13*","*14*","*15*","*16*","*17*","*18*","*19*","*20*",
  	"*21*","*22*","*23*","*24*","*25*","*26*","*27*","*28*","*29*","*30*","*31*","*32*","*33*","*34*"),
  	$txt);
  	return $txt;
  }
  //过滤敏感字符串以及恶意代码
  function cleanAll($html){
  	return cleanYellow(cleanJsCss($html));
  }
  //全半角字符替换
  function setFilter($html){
  		$arr=array('0' => '0', '1' => '1', '2' => '2', '3' => '3', '4' => '4',
                 '5' => '5', '6' => '6', '7' => '7', '8' => '8', '9' => '9',
                 'A' => 'A', 'B' => 'B', 'C' => 'C', 'D' => 'D', 'E' => 'E',
                 'F' => 'F', 'G' => 'G', 'H' => 'H', 'I' => 'I', 'J' => 'J',
                 'K' => 'K', 'L' => 'L', 'M' => 'M', 'N' => 'N', 'O' => 'O',
                 'P' => 'P', 'Q' => 'Q', 'R' => 'R', 'S' => 'S', 'T' => 'T',
                 'U' => 'U', 'V' => 'V', 'W' => 'W', 'X' => 'X', 'Y' => 'Y',
                 'Z' => 'Z', 'a' => 'a', 'b' => 'b', 'c' => 'c', 'd' => 'd',
                 'e' => 'e', 'f' => 'f', 'g' => 'g', 'h' => 'h', 'i' => 'i',
                 'j' => 'j', 'k' => 'k', 'l' => 'l', 'm' => 'm', 'n' => 'n',
                 'o' => 'o', 'p' => 'p', 'q' => 'q', 'r' => 'r', 's' => 's',
                 't' => 't', 'u' => 'u', 'v' => 'v', 'w' => 'w', 'x' => 'x',
                 'y' => 'y', 'z' => 'z',
                 '(' => '(', ')' => ')', '〔' => '[', '〕' => ']', '【' => '[',
                 '】' => ']', '〖' => '[', '〗' => ']', '“' => '[', '”' => ']',
                 '‘' => '[', '’' => ']', '{' => '{', '}' => '}', '《' => '<',
                 '》' => '>',
                 '%' => '%', '+' => '+', '—' => '-', '-' => '-', '~' => '-',
                 ':' => ':', '。' => '.', '、' => ',', ',' => '.', '、' => '.',
                 ';' => ',', '?' => '?', '!' => '!', '…' => '-', '‖' => '|',
                 '”' => '"', '’' => '`', '‘' => '`', '|' => '|', '〃' => '"',
                 ' ' => ' ');
    	return	strtr($html,$arr);
  }

推荐学习:《PHP视频教程

php字符串PHP课程HTML视频教程CSS视频JS视频教程Vue视频教程
声明:本文转载于:iteye,如有侵犯,请联系admin@php.cn删除
上一条:wamp打开phpmyadmin提示“缺少 mysqli 扩展。请检查 PHP 配置。”的解决方法 下一条:php中$_GET,$_POST,$_REQUEST和$_SERVER的用法

相关文章

查看更多
  • 热门课程
打开APP,随时随地在线学习!