PHP 对输入信息进行安全过滤的函数代码
2015-01-24信息快讯网
php 对输入信息的过滤代码,主要是针对php安全问题
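// Define constants for input reading.
// ext/filter already provides INPUT_GET and INPUT_POST on current PHP builds;
// redefining an existing constant only raises a diagnostic and has no effect,
// so define just the names that are still free. Callers must always pass the
// constants, never the literal numbers.
if (!defined('INPUT_GET'))
    define('INPUT_GET', 0x0101);
if (!defined('INPUT_POST'))
    define('INPUT_POST', 0x0102);
if (!defined('INPUT_GPC'))
    define('INPUT_GPC', 0x0103);

/**
 * Read a request parameter and normalise it for internal use.
 *
 * Undoes magic-quotes escaping on legacy PHP and, unless HTML is allowed,
 * removes tags with strip_tags().
 *
 * Security notes:
 *  - strip_tags() is not output escaping. The result still has to be escaped
 *    for the context it is written to (e.g. htmlspecialchars() for HTML
 *    attributes) and must only reach SQL through bound parameters.
 *  - A client can send "name[]=x", which makes the raw value an array. Arrays
 *    are filtered element by element and returned as arrays, so callers that
 *    need a string must check the type of the result.
 *
 * @param string  Field name to read
 * @param int     Source to get value from (INPUT_GET, INPUT_POST or INPUT_GPC)
 * @param boolean Allow HTML tags in field value
 * @param string  Charset to convert into (accepted for compatibility; no
 *                conversion is performed by this function)
 * @return mixed  Filtered string, filtered array, or NULL if not available
 */
function get_input_value($fname, $source, $allow_html=FALSE, $charset=NULL)
{
    $value = NULL;

    if ($source == INPUT_GET && isset($_GET[$fname])) {
        $value = $_GET[$fname];
    }
    else if ($source == INPUT_POST && isset($_POST[$fname])) {
        $value = $_POST[$fname];
    }
    else if ($source == INPUT_GPC) {
        // precedence: POST, then GET, then COOKIE
        if (isset($_POST[$fname]))
            $value = $_POST[$fname];
        else if (isset($_GET[$fname]))
            $value = $_GET[$fname];
        else if (isset($_COOKIE[$fname]))
            $value = $_COOKIE[$fname];
    }

    // NULL, '', '0' and empty arrays contain nothing to filter
    if (empty($value))
        return $value;

    return get_input_value_clean($value, $allow_html);
}

/**
 * Apply the magic-quotes reversal and tag stripping to one raw input value.
 *
 * Arrays are walked recursively so that every leaf string is filtered; array
 * keys are returned unchanged and must be treated as untrusted by the caller.
 *
 * @param mixed   Raw value taken from a superglobal
 * @param boolean Allow HTML tags in the value
 * @return mixed  Filtered value of the same shape
 */
function get_input_value_clean($value, $allow_html)
{
    // 0 = nothing to undo, 1 = sybase-style quotes, 2 = backslash quotes
    static $quote_mode = NULL;

    if ($quote_mode === NULL) {
        $quote_mode = 0;
        // Magic quotes were removed in PHP 5.4 and get_magic_quotes_*() no
        // longer exists in PHP 8, so only query them on releases that had them.
        if (version_compare(PHP_VERSION, '5.4.0', '<')) {
            if (ini_get('magic_quotes_sybase'))
                $quote_mode = 1;
            else if (get_magic_quotes_gpc() || get_magic_quotes_runtime())
                $quote_mode = 2;
        }
    }

    if (is_array($value)) {
        foreach ($value as $key => $item)
            $value[$key] = get_input_value_clean($item, $allow_html);
        return $value;
    }

    // the string functions below reject anything that is not a string
    if (!is_string($value))
        return $value;

    // strip doubled single quotes if magic_quotes_sybase is enabled
    if ($quote_mode === 1)
        $value = str_replace("''", "'", $value);
    // strip slashes if magic_quotes is enabled
    else if ($quote_mode === 2)
        $value = stripslashes($value);

    // remove HTML tags if not allowed
    if (!$allow_html)
        $value = strip_tags($value);

    return $value;
}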
用法:get_input_value('_uid', INPUT_GET)