php 对输入信息的进行安全过滤的函数代码
php 对输入信息的过滤代码,主要是针对 php 安全问题
代码如下
:
// define constannts for input reading
define('INPUT_GET', 0x0101);
define('INPUT_POST', 0x0102);
define('INPUT_GPC', 0x0103);
/**
* Read input value and convert it for internal use
* Performs stripslashes() and charset conversion if necessary
*
* @param string Field name to read
* @param int Source to get value from (GPC)
* @param boolean Allow HTML tags in field value
* @param string Charset to convert into
* @return string Field value or NULL if not available
*/
function
get_input_value(
$fname
,
$source
,
$allow_html
=FALSE,
$charset
=NULL) {
$value
= NULL;
if
(
$source
== INPUT_GET && isset(
$_GET
[
$fname
]))
$value
=
$_GET
[
$fname
];
else
if
(
$source
== INPUT_POST && isset(
$_POST
[
$fname
]))
$value
=
$_POST
[
$fname
];
else
if
(
$source
== INPUT_GPC) {
if
(isset(
$_POST
[
$fname
]))
$value
=
$_POST
[
$fname
];
else
if
(isset(
$_GET
[
$fname
]))
$value
=
$_GET
[
$fname
];
else
if
(isset(
$_COOKIE
[
$fname
]))
$value
=
$_COOKIE
[
$fname
];
}
if
(
empty
(
$value
))
return
$value
;
// strip single quotes if magic_quotes_sybase is enabled
if
(
ini_get
('magic_quotes_sybase'))