php 对输入信息的过滤代码
// define constannts for input readingdefine('INPUT_GET', 0x0101);define('INPUT_POST', 0x0102);define('INPUT_GPC', 0x0103);/** * Read input value and convert it for internal use * Performs stripslashes() and charset conversion if necessary * * @param string Field name to read * @param int Source to get value from (GPC) * @param boolean Allow HTML tags in field value * @param string Charset to convert into * @return string Field value or NULL if not available */function get_input_value($fname, $source, $allow_html=FALSE, $charset=NULL) { $value = NULL; if ($source == INPUT_GET && isset($_GET[$fname])) $value = $_GET[$fname]; else if ($source == INPUT_POST && isset($_POST[$fname])) $value = $_POST[$fname]; else if ($source == INPUT_GPC) { if (isset($_POST[$fname])) $value = $_POST[$fname]; else if (isset($_GET[$fname])) $value = $_GET[$fname]; else if (isset($_COOKIE[$fname])) $value = $_COOKIE[$fname]; } if (empty($value)) return $value;// strip single quotes if magic_quotes_sybase is enabled if (ini_get('magic_quotes_sybase')) $value = str_replace("''", "'", $value);// strip slashes if magic_quotes enabled else if (get_magic_quotes_gpc() || get_magic_quotes_runtime()) $value = stripslashes($value);// remove HTML tags if not allowed if (!$allow_html) $value = strip_tags($value);// convert to internal charset return $value;}
页:
[1]