本文实例讲述了php表单敏感字符过滤类及其用法。分享给大家供大家参考。具体分析如下:
复制代码 代码如下:/** * 表单生成验证文件 */ $_form = new formHtmlFind(); class formHtmlFind{ /** * 输出表单函数 * $formKey 表单键 * $infoArray 更新时的原始信息数组 */ public function formHtml($array,$infoArray="") { // 检测数组是否存在 if(emptyempty($array))return false; $newform = null; // 信息数组(更新信息) $this->infoArray = !emptyempty($infoArray)?$infoArray:array(); $this->array["class"] = get_class_methods(get_class()); foreach ($array as $key =>$arr) { // 键值转换为纯英文 $key = preg_replace("/[^a-z]/i","",$key); // 生成表单 $newform .= $this->outputForm($arr,$key); } // 输出表单 return $newform.$this->jsError(); } /** * 生成表单函数 */ private function outputForm($arr,$key) { $value = null; if(emptyempty($arr))return false; // input Type $type = $key; // input NAME $name = trim($arr[0]); // input 初始值 不包含多选,单选类 $value = (!emptyempty($this->infoArray[$name]))? trim($this->infoArray[$name]):trim($arr[1]); $value = emptyempty($this->post[$name])? $value :trim($this->post[$name]); // input Title $title = trim($arr[2]); // 样式 $style = trim($arr[3]); if($key!=="hidden") { $dt = "<dt>{$title}</dt><dd>"; // js错误提示 $dd = "<tt id="J{$name}"></tt></dd>rn"; } return (!preg_match("/checkbox|select|radio/i",$key))? $dt.$this->newInput($type,$name,$value,$style,$title).$dd: $this->formSelect($type,$name,$arr[1],$title,$style); // 多选类 } /** * 提交数据检测 */ public function postForm($array) { // 检测数组是否存在 if(emptyempty($array)||emptyempty($_POST))return false; $this->post = $_POST; $this->array["class"] = get_class_methods(get_class()); foreach ($array as $key =>$arr) { // 键值转换为纯英文 $key = preg_replace("/[^a-z]/i","",$key); // 检测 注销file类表单 if (!emptyempty($arr)&&"file" != $key)$newData[trim($arr[0])] = $this->postFind($arr,$key); } // 输出表单 if(!emptyempty($this->error)) { return false; } else return $newData; } /** * 生成表单 */ private function newInput($type,$name,$value,$style,$title) { switch ($type) { case "text": // 单行文本 return "<input type="text" name="{$name}" value="{$value}" {$style}/>"; break; case "password": //密码输入 return "<input type="password" name="{$name}" {$style}/>"; break; case "": //多行文本 return "<textarea name="{$name}" {$style}/>{$value}</textarea>"; break; case "hidden": // 隐藏 return "<input type="hidden" name="{$name}" value="{$value}" {$style}/>"; break; case "file": // 文件上传 return "<input type= "file"name="{$name}" {$style}/>"; break; case "submit": // 提交 return "<input type="submit" name="{$name}" value="$value" $style}/>"; break; default: return "{$type}类型错误!!!"; break; } } /** * 提交信息检测 * 错误返回error */ private function postFind($arr,$key) { if(emptyempty($arr))return false; $name = $title =$error =$find =$standard =null; // input NAME $name = trim($arr[0]); // input Title $title = trim($arr[2]); // 错误提示 $error = trim($arr[4]); // 检测类型 Y N $find = trim($arr[5]); // 检测标准 $standard = trim($arr[6]); // if(!emptyempty($standard))$this->error .=$this->ck_split($standard,$name,$title,$find,$error); // 转换为字符串 if(is_array($this->post[$name]))$this->post[$name] = implode(",",$this->post[$name]); // 转义或其他转化 $KKarray = array(); if(preg_match("/Y|N/is",$find)) { $KKarray = split("_", $find); // 转义或过滤 $escape_filter = (!emptyempty($KKarray[1]))?"ck_".$KKarray[1]:""; // 输出通过检测的合法数据 $data = ($escape_filter)?$this->$escape_filter($this->post[$name]):$this->post[$name]; } else $data = ""; // 输出新的数据 return $data; } /** * 多选类表单生成 */ private function formSelect($type,$name,$value,$title,$style) { $outform = null; // 触发更新和提交动作时的初始 $nowvalue = (!emptyempty($this->post[$name]))?$this->post[$name]:$this->infoarray[$name]; // 兼容多选的识别,转为数组 if(!emptyempty($nowvalue))$valueArray = explode(",",$nowvalue); // 选项标题 if(is_array($title)) { array_unshift($title,"选择"); $titarray = array_values($title); }else $titarray = explode("|",$title); // 选项值 if(is_array($value)) { array_unshift($value,"选择"); $valarray = array_keys($value); if(emptyempty($title))$titarray = array_values($value); } else $valarray = explode("|",$value); // 取消表单的初始默认值 if(!emptyempty($this->post)&&!emptyempty($this->infoArray))$value = preg_replace("/Y_/i","",$value); foreach ($valarray as $key =>$varl) { // 非默认的识别 if(!emptyempty($valueArray))$select = (in_array($varl,$valueArray))?"Y":""; // 判断是否为默认 else $select = (eregi("Y_",$varl))? "Y":""; if($key >"0") { $_title=($titarray[$key])? $titarray[$key]:$title; switch ($type) { case "select": if("Y" == $select)$select = "selected"; $outform .= sprintf("<option %s value="%s"/>%s</option>rn" ,$select,preg_replace("/Y_/i","",$varl),$_title); break; case "radio": if("Y" == $select)$select = "checked"; $outform .= sprintf("<label>%s<input %s type="radio" name="%s" value="%s" %s/></label>rn", $_title,$select,$name,$varl,$style); break; case "checkbox": if("Y" == $select)$select = "checked"; $outform .= sprintf("<label>%s<input %s type="checkbox" name="%s[]" value="%s" %s/></label>rn",$_title,$select,$name,$varl,$style); break; } $select =null; } } // 下拉选择 if($type =="select")$outform = sprintf("<select name="%s" %s>%s</select>",$name,$style,$outform); return sprintf("<dt>%s</dt><dd>%s<tt id="J%s"></tt></dd>rn",$titarray[0],$outform,$name); } /** * 表单验证 及全部 ck_类函数 */ private function ck_split($standard,$name,$title,$find,$error) { // 非必填缺省跳过 if(eregi("N",$find) && emptyempty($this->post[$name]))return false; // 必填缺省检测 if(eregi("Y",$find) && emptyempty($this->post[$name]))return "["J{$name}","$error"],"; $t_error = null; // 多项检测 $arr = explode(",",$standard); // POST数据检测 if(!emptyempty($arr))foreach ($arr as $var) { if(trim($var)!="") { switch ($this->post) { case is_array($this->post[$name]): // 数组类的检测 foreach ($this->post[$name] as $_var) { $t_error.= ($this->ck_open($_var,trim($var)))?"":$error; if($t_error)break; } break; default: $t_error.= ($this->ck_open($this->post[$name],trim($var)))?"":$error; break; } if($t_error)break; } } return ($t_error)? "["J{$name}","$t_error"],":""; } // 函数调用 private function ck_open($string,$str) { $functi = $this->ck_detected($str); return ($this->$functi($string,$str))? true:false; } // 类型判断 private function ck_detected($str) { $detect = (eregi("^[a-zA-Z]*$",$str))? "{$str}Detect":"lengthDetect"; if(!in_array($detect,$this->array["class"])) { location("index.php",$ck," Lack of function !!!"); } return $detect; } //-------------------------------------以下为检测函数可外部调用 // 长度 public function lengthDetect($string,$str){ $len = split("-",trim($str)); return (strlen($string) > ($len[0]-1) && strlen($string) < ($len[1]+1))? true:false; } // 价格 public function moneyDetect($str){ return preg_match("/^(-|+)?d+(.d+)?$/",$str); } // 邮件 public function emailDetect($str){ return preg_match("/^w+([-+.]w+)*@w+([-.]w+)*.w+([-.]w+)*$/", $str); } // 网址 public function urlDetect($str){ return preg_match("/^http://[A-Za-z0-9]+.[A-Za-z0-9]+[/=?%-&_~`@[]":+!]*([^<>"])*$/", $str); } // 数字型 public function numDetect($str){ return is_numeric($str); } // 中文 public function cnDetect($str){ return preg_match("/^[x7f-xff]+$/", $str); } // 字母 public function enDetect($str){ return preg_match("/^[A-Za-z]+$/", $str); } // 数字字母混合 public function numenDetect($str){ return preg_match("/^([a-zA-Z0-9_-])+$/",$str); } // 电话号码 public function telDetect($str){ return ereg("^[+]?[0-9]+([xX-][0-9]+)*$", $str); } // 敏感词 public function keyDetect($str){ return (!preg_match("/$badkey/i",$str)); } //-----------------------------------------------------输出 // 字符替换 public function ck_filter($str){ $str=(is_array($str))? implode(",",$str):$str; $str=nl2br($str); //将回车替换为<br> $str=htmlspecialchars($str); //将特殊字元转成 HTML 格式。 //$str=str_replace(array(" ","<? "),array(" ","< ?"),$str); //替换空格替换为 return $str; } // 转义 function ck_escape($str) { if (!get_magic_quotes_gpc())return addslashes($str); return $str; } // MD5加密 public function ck_md5($str){ return MD5($str); } // base64加密 public function ck_base64($str){ return base64_encode($str); } // 时间 function ck_time($str){ // time_r() 来在公用函数文件 if(!is_numeric($str)) { return time_r($str); } else return $str; } // 有条件注销(数字) public function ck_cancel($str){ return (!is_numeric($str))? $str:""; } // 无条件注销 public function ck_delete(){ return null; } // js错误提示 private function jsError() { if(emptyempty($this->error))return false; return " <script language=javascript> rn var error = new Array(".trim($this->error,",")."); rn for (i=0; i < error.length; i++){ rn document.getElementById(error[0]).innerHTML=error[1]; }rn </script> "; } } // 演示: $form[1] =array( "text"=>array("title","","产品名称","size=40","产品名称不可缺少!","Y","cn,1-30"), "text1"=>array("categories","","产品名称","","","Y_base64"), "select"=>array("superiors","||1|2|Y_3","产品类别|选择|1|2|3","","必选项","Y"), "radio"=>array("superiors1","|1|Y_2|3","产品xun|产品1|产品2|产品3","","必选项","Y"), "checkbox"=>array("superiors2",array(1=>"11",2=>"22",3=>"33"),"","","必选项","Y"), "file"=>array("ddd","","文件"), ); $form =array ( "login" => array ( "text" => array ( 0 => "user", 1 => "", 2 => "用户名", 3 => "size=20", 4 => "!", 5 => "Y", 6 => "numen,6-12", ), "password" => array ( 0 => "pass", 1 => "", 2 => "密 码", 3 => "size=22", 4 => "密码格式错误!", 5 => "Y_md5", 6 => "numen,6-12", ), "radio" => array ( 0 => "time", 1 => "|7200|3600|1800", 2 => "cookies有效时间|2小时|1小时|30分钟", 3 => "", 4 => "", 5 => "N_delete", 6 => "", ), ), ); // 表单提交效验 $past = $_form->postForm($form["login"]); $dd = array("title"=>"标题","categories"=>"类别"); // $dd 为已有的信息(如更新时的信息输出) POST数据位内部处理具有优先权if(!emptyempty($past)) { echo "<pre>"; print_r($past); echo"</pre>"; } echo "<form method="POST" NAME="PostTopic" action="" enctype="multipart/form-data" style="margin:0px;">"; echo $_form->formHtml($form["login"],$dd); echo "<input type="submit" value="Y" name="B1"></form>";
希望本文所述对大家的PHP程序设计有所帮助。
