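PHP 中常用的数据过滤方法,可有效避免 SQL 注入攻击。需要注意的是,addslashes 式的转义并不是完整的防护:它不了解数据库连接的字符集,也无法保护未加引号的数值上下文,因此应以参数化查询(预处理语句)作为主要防线,本文的函数只作为辅助手段。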
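/**
 * Recursively backslash-escape every key and value of an array, or a single scalar.
 *
 * Each key and each non-array value is passed through addslashes(), which
 * prefixes single quotes, double quotes, backslashes and NUL bytes with a
 * backslash. Nested arrays are processed recursively.
 *
 * SECURITY: addslashes() is not a reliable SQL-injection defence. It is unaware
 * of the database connection charset and does nothing for values used in
 * unquoted (numeric) contexts. Prefer prepared statements with bound
 * parameters and treat this helper as legacy compatibility code.
 *
 * @param array|string $data Array (possibly nested) or scalar to escape.
 * @return array|string Escaped copy; a non-array input comes back as an escaped string.
 */
function addslashes_deep($data)
{
    if (!is_array($data)) {
        return addslashes($data);
    }

    // Build a fresh array rather than unsetting and re-adding keys in place.
    // The in-place form loses an entry when the escaped form of one key equals
    // another key that has not been visited yet (e.g. "a'" and "a\'").
    $escaped = array();
    foreach ($data as $key => $value) {
        $escaped[addslashes($key)] = is_array($value)
            ? addslashes_deep($value)
            : addslashes($value);
    }

    return $escaped;
}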
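/**
 * Backslash-escape the properties of an object, or delegate for non-objects.
 *
 * Every property reachable by foreach is overwritten with its escaped value,
 * so the object passed in is modified in place and the same instance is
 * returned. Non-object input is handed to addslashes_deep().
 *
 * Property values that are themselves objects are processed recursively
 * instead of being passed to addslashes(), which only accepts strings.
 * NOTE(review): objects stored inside array properties are still forwarded to
 * addslashes_deep() unchanged - confirm whether callers rely on that case.
 *
 * SECURITY: see addslashes() caveats - this is not a substitute for prepared
 * statements when the values end up in SQL.
 *
 * @param object|array|string $obj Object whose properties should be escaped, or any value addslashes_deep() accepts.
 * @return object|array|string The same object instance, or the escaped non-object value.
 */
function addslashes_deep_obj($obj)
{
    if (!is_object($obj)) {
        return addslashes_deep($obj);
    }

    foreach ($obj as $key => $val) {
        // Recursing through this function covers nested objects; for any
        // other value it falls through to addslashes_deep() as before.
        $obj->$key = addslashes_deep_obj($val);
    }

    return $obj;
}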
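/**
 * Recursively remove backslash escaping from a string or a (nested) array of strings.
 *
 * This is the inverse of addslashes-style escaping: stripslashes() is applied
 * to every non-array leaf. Array keys are left untouched because array_map()
 * only transforms values.
 *
 * @param array|string $value String or array (possibly nested) to un-escape.
 * @return array|string The un-escaped value; empty input is returned unchanged.
 */
function stripslashes_deep($value)
{
    // The published listing called "emptyempty", a syntax-highlighter
    // artefact that is not a PHP function; empty() is the intended check.
    // empty() is also true for '0', 0, null, false and array(), none of which
    // contain anything to strip.
    if (empty($value)) {
        return $value;
    }

    return is_array($value)
        ? array_map('stripslashes_deep', $value)
        : stripslashes($value);
}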
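/*
 * Escape request data at startup when PHP has not already done so.
 *
 * This reproduces the old magic_quotes_gpc behaviour by running
 * addslashes_deep() over $_GET, $_POST, $_COOKIE and $_REQUEST. No other
 * superglobal is touched here.
 *
 * get_magic_quotes_gpc() was deprecated in PHP 7.4 and removed in PHP 8.0, so
 * its existence is checked first; where it is missing, magic quotes cannot be
 * active and the data is escaped. The published listing also used
 * "emptyempty", a syntax-highlighter artefact, where empty() was meant.
 *
 * SECURITY: blanket escaping of request data is the pattern PHP itself
 * removed. It alters values used outside SQL (output, files, comparisons) and
 * does not stop injection in numeric contexts or under some multibyte
 * connection charsets. Use prepared statements at the query site; keep this
 * block only for code that already depends on pre-escaped input.
 */
if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
    if (!empty($_GET)) {
        $_GET = addslashes_deep($_GET);
    }
    if (!empty($_POST)) {
        $_POST = addslashes_deep($_POST);
    }
    $_COOKIE = addslashes_deep($_COOKIE);
    $_REQUEST = addslashes_deep($_REQUEST);
}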
/**
 * Base64-decode a scalar, or add base64-keyed entries to an array.
 *
 * Scalar input: backslashes are stripped, then the value is base64-decoded.
 *
 * Array input: the original entries are kept, and for every entry one more is
 * added whose key is the base64-ENCODED original key. Its value is the
 * base64-decoded item, or, for a nested array, whatever
 * base64_encoder_multi() returns for it.
 *
 * NOTE(review): the name and the original summary describe decoding, yet keys
 * are encoded and nested arrays go through the encoder - confirm the intended
 * behaviour with callers before relying on the array branch.
 * NOTE(review): despite the name, PHP's unserialize() is never called here.
 *
 * SECURITY: decoded values are returned as raw bytes with no escaping applied;
 * treat them as untrusted input wherever they are used next.
 *
 * @param array|string $data Base64 text, or an array of base64 text.
 * @return array|string Decoded string, or the array with the extra entries.
 */
function unserialize_base64($data){
    if (!is_array($data)) {
        return base64_decode(stripslashes($data));
    }

    // Start from a copy so the original keys survive next to the new ones.
    $result = $data;
    foreach ($data as $key => $item) {
        // base64 output contains no quotes or backslashes, so stripslashes()
        // leaves this key unchanged; it is kept to mirror the original code.
        $encodedKey = stripslashes(base64_encode($key));
        if (is_array($item)) {
            $result[$encodedKey] = base64_encoder_multi($item);
        } else {
            $result[$encodedKey] = base64_decode($item);
        }
    }

    return $result;
}
/**
 * Base64-encode a scalar, or add base64-encoded entries to an array.
 *
 * Scalar input is returned base64-encoded. For an array, the original entries
 * are kept and each one gains a sibling whose key is the base64-encoded key
 * and whose value is the encoded item (nested arrays are handled recursively).
 *
 * NOTE(review): base64 is an encoding, not escaping or sanitisation - the
 * original, unencoded entries remain in the returned array.
 *
 * @param array|string $data Value or (possibly nested) array to encode.
 * @return array|string Encoded string, or the array with the extra entries.
 */
function base64_encoder_multi($data){
    if (!is_array($data)) {
        return base64_encode($data);
    }

    // Work on a copy so the entries being iterated are never the ones written.
    $result = $data;
    foreach ($data as $key => $item) {
        $encodedKey = base64_encode($key);
        $result[$encodedKey] = is_array($item)
            ? base64_encoder_multi($item)
            : base64_encode($item);
    }

    return $result;
}