

作者: superadmin    时间: 2008-4-6 19:59
标题: 简单过滤post,get传递时安全问题
这个类只是一个简单的类,目前对 XSS 攻击和 SQL 注入的预防也只是做了简单的过滤。

欢迎大家对此类进行修改,或者提出你的建议.

<?php
/**
* @name date safe class 0.1
* @author kevin xu
* @copyright kenvin E-mail:gincn@cn.cashboxparty.com MSN:gincn@live.cn
*/
/**
 * Contract for an object that exposes a single filtering entry point.
 *
 * The only implementation shown alongside this interface (class safe)
 * runs its HTML filter and then its SQL escaping and returns the result.
 */
interface dateSafe
{
    /**
     * Run the implementer's filter chain.
     *
     * @return mixed The filtered value (a string in the safe implementation).
     */
    public function gincn();
}
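/**
 * Convenience wrapper that runs both doSafe filters over one value.
 *
 * NOTE(review): the result is HTML-encoded AND SQL-escaped at the same time,
 * so it is tied to two output contexts at once. Storing it means storing
 * entities and backslashes in the database. The more robust design keeps the
 * raw value, binds it through prepared statements when writing to the
 * database, and HTML-encodes it only at the point where it is printed.
 *
 * gincn() is not idempotent: each call filters the current value again, so
 * calling it twice double-encodes (for example "&" becomes "&amp;amp;").
 */
class safe extends doSafe implements dateSafe
{
    /** @var string Current value; gincn() overwrites it with the filtered result. */
    public $safe;

    /**
     * @param string $safe Raw value to be filtered.
     */
    function __construct($safe)
    {
        // The parent keeps its own copy in $str, which is what xss()/sql()
        // actually operate on (the missing parent call was a bug reported by
        // forum user javachen).
        parent::__construct($safe);
        $this->safe = $safe;
    }

    /**
     * Apply the HTML filter, then the SQL escaping, to the current value.
     *
     * @return string The filtered value, also stored back into $safe.
     */
    function gincn()
    {
        // xss() and sql() take no arguments and only read $this->str. Copy the
        // public property across first, otherwise a value assigned to $safe
        // after construction would be silently ignored and stale data returned.
        $this->str = $this->safe;

        $this->safe = parent::xss();
        $this->safe = parent::sql();

        return $this->safe;
    }
}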
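/**
 * Minimal input filter that holds one string and rewrites it in place.
 *
 * NOTE(review): this is blanket input filtering, not context-aware output
 * encoding. xss() is only meaningful for text placed in an HTML body or a
 * quoted attribute value; it does not cover URL, JavaScript or CSS contexts.
 * sql() is not a substitute for prepared statements (PDO or mysqli).
 */
class doSafe
{
    /** @var string Value being filtered; xss() and sql() each overwrite it. */
    protected $str;

    /**
     * @param string $str Raw value to be filtered.
     */
    function __construct($str)
    {
        $this->str = $str;
    }

    /**
     * Strip tags, HTML-encode the remainder and mark line breaks.
     *
     * @return string The filtered value, also stored back into $str.
     */
    function xss()
    {
        $text = trim($this->str);      // drop leading/trailing whitespace
        $text = strip_tags($text);     // remove HTML/PHP tags from the text

        // ENT_QUOTES is passed explicitly: before PHP 8.1 the default flags
        // left single quotes unencoded, which matters inside '...' attributes.
        // The charset follows PHP's default; confirm it matches the encoding
        // the pages are actually served in.
        $text = htmlspecialchars($text, ENT_QUOTES);

        // nl2br() has to run after strip_tags()/htmlspecialchars(); the
        // original order inserted <br /> first and then stripped it again,
        // so line breaks were never preserved.
        $text = nl2br($text);

        // Kept for callers that relied on it: with quotes already encoded this
        // only affects backslashes and NUL bytes. It is not SQL escaping, and
        // a following sql() call escapes those backslashes a second time.
        $text = addslashes($text);

        $this->str = $text;
        return $this->str;
    }

    /**
     * Escape the current value with the legacy ext/mysql escaper.
     *
     * NOTE(review): mysql_escape_string() ignores the connection character
     * set and was removed together with ext/mysql in PHP 7.0. Prefer bound
     * parameters in prepared statements over any string escaping.
     *
     * @return string The escaped value, also stored back into $str.
     * @throws RuntimeException When mysql_escape_string() is not available.
     */
    function sql()
    {
        // Fail closed with an actionable message instead of an undefined
        // function error; never hand back the value unescaped.
        if (!function_exists('mysql_escape_string')) {
            throw new RuntimeException(
                'mysql_escape_string() is unavailable (ext/mysql was removed in PHP 7.0); '
                . 'use prepared statements via PDO or mysqli instead'
            );
        }

        $this->str = mysql_escape_string($this->str);
        return $this->str;
    }
}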

?>
<?php
// Demo: push a sample string containing markup through the combined filter
// and print the result. The output is HTML-encoded and SQL-escaped at once,
// so it is only an illustration, not a value to store or reuse as-is.
$sample = "ssss<html></html>";
$filter = new safe($sample);
$filtered = $filter->gincn();
echo $filtered;
?>



