阻止SQL注入
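/**
 * Recursively HTML-encodes a value, or every leaf of a (nested) array.
 *
 * Despite the heading above, this is output encoding for an HTML context,
 * not a defence against SQL injection: values that reach a query must go
 * through prepared statements regardless of whether they passed through here.
 *
 * Fixes relative to the original: an empty array now yields [] instead of an
 * undefined $output, and get_magic_quotes_gpc() (removed in PHP 8) is only
 * called when it still exists, so the function no longer fatals on PHP 8.
 *
 * @param mixed $input scalar or (nested) array
 * @return string|array encoded string, or an array with the same keys
 */
function clean($input)
{
    if (is_array($input)) {
        // Start from an empty array so an empty input returns [] rather than null.
        $output = [];
        foreach ($input as $key => $val) {
            $output[$key] = clean($val);
        }
        return $output;
    }

    $output = (string) $input;
    // Magic quotes no longer exist on PHP 8; keep the legacy behaviour only where the function is defined.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $output = stripslashes($output);
    }
    // Encode for an HTML body/attribute context; ENT_QUOTES also encodes single quotes.
    return htmlentities($output, ENT_QUOTES, 'UTF-8');
}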
验证网址
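/**
 * Checks that $url is an absolute http, https or ftp URL.
 *
 * The pattern is anchored at the start so a URL that merely contains
 * "http://" after another scheme (e.g. "javascript:http://...") is rejected,
 * and the label separator is a literal dot rather than "any character" as in
 * the original (which let "http://exa mple.com" through). The D modifier
 * stops "$" from accepting a trailing newline.
 *
 * @param mixed $url value to test (cast to string)
 * @return int 1 when the URL matches, 0 otherwise
 */
function is_valid_url($url)
{
    $pattern = '/^(https?|ftp):\/\/[a-z0-9-]+(\.[a-z0-9-]+)*(:[0-9]+)?(\/.*)?$/iD';
    // preg_match() can also return false on a PCRE error; normalise to the 1/0 the original returned.
    return preg_match($pattern, (string) $url) === 1 ? 1 : 0;
}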
验证邮箱地址
/**
 * Reports whether $email passes PHP's built-in e-mail syntax filter.
 *
 * @param mixed $email value to validate
 * @return int 1 for a syntactically valid address, 0 otherwise
 */
function is_validemail($email)
{
    // filter_var() yields the address on success and false on failure; a valid
    // address always contains "@" and so is never a falsy string.
    $valid = filter_var($email, FILTER_VALIDATE_EMAIL);
    return $valid ? 1 : 0;
}
验证ip地址
/**
 * Reports whether $ip is a syntactically valid IPv4 or IPv6 address.
 *
 * @param mixed $ip value to validate
 * @return bool
 */
function is_valid_ip($ip)
{
    // filter_var() returns the address string (always truthy) or false.
    return (bool) filter_var($ip, FILTER_VALIDATE_IP);
}
获取用户的真实IP
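/**
 * Returns the client address, preferring proxy-supplied headers over REMOTE_ADDR.
 *
 * Security note: HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are ordinary request
 * headers that any client can set, so the value returned from them is
 * attacker-controlled unless the application sits behind a trusted proxy that
 * overwrites them. Do not use this result for access control, rate limiting or
 * audit logging without checking REMOTE_ADDR is that proxy; REMOTE_ADDR is the
 * only value filled in by the server itself. X-Forwarded-For may hold a
 * comma-separated chain and is returned unparsed, as in the original.
 *
 * Fix: the original called the undefined function emptyempty() (a mangled
 * empty()), which is a fatal error on every call.
 *
 * @return string header value or REMOTE_ADDR; '' when REMOTE_ADDR is unset (e.g. CLI)
 */
function getRealIpAddr()
{
    if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
        return $_SERVER['HTTP_CLIENT_IP'];
    }
    // Set by forwarding proxies, but equally settable by the client itself.
    if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        return $_SERVER['HTTP_X_FORWARDED_FOR'];
    }
    return $_SERVER['REMOTE_ADDR'] ?? '';
}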
把秒转换成天数,小时数和分钟
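/**
 * Formats a duration in seconds as "N days, N hours, N minutes, N seconds",
 * omitting leading units that are zero and pluralising each unit.
 *
 * Fixes relative to the original: $r is initialised (durations under a day
 * appended to an undefined variable), and the seconds part is only emitted
 * when it is non-zero or nothing else was emitted, so 3600 gives "1 hour"
 * rather than "1 hour0 seconds".
 *
 * @param int|float $secs duration in seconds
 * @return string human-readable duration
 */
function secsToStr($secs)
{
    $r = '';
    // Largest unit first; each step keeps the remainder for the next one.
    $units = [86400 => 'day', 3600 => 'hour', 60 => 'minute'];
    foreach ($units as $size => $name) {
        if ($secs >= $size) {
            $count = floor($secs / $size);
            $secs = $secs % $size;
            $r .= $count . ' ' . $name;
            if ($count != 1) {
                $r .= 's';
            }
            // Separator only when something smaller is still to come.
            if ($secs > 0) {
                $r .= ', ';
            }
        }
    }
    // Seconds are printed when they remain, or when the duration was zero.
    if ($secs > 0 || $r === '') {
        $r .= $secs . ' second';
        if ($secs != 1) {
            $r .= 's';
        }
    }
    return $r;
}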
遍历目录
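/**
 * Prints an HTML link for every entry in $dir, skipping ".", ".." and "Thumbs.db".
 *
 * Entry names are HTML-escaped before being echoed (the original interpolated
 * them raw into the href and link text, so a file named with quotes or angle
 * brackets would break out of the attribute). $dir is concatenated with the
 * entry name unchanged, so it must end with a directory separator, as before.
 * The handle is closed even if output fails part-way.
 *
 * @param string $dir directory path, with trailing separator
 * @return void
 */
function list_files($dir)
{
    if (!is_dir($dir)) {
        return;
    }
    $handle = opendir($dir);
    if ($handle === false) {
        return;
    }
    try {
        while (($file = readdir($handle)) !== false) {
            // Thumbs.db: Windows Explorer thumbnail cache, never worth listing.
            if ($file === '.' || $file === '..' || $file === 'Thumbs.db') {
                continue;
            }
            $href = htmlspecialchars($dir . $file, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $text = htmlspecialchars($file, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            echo '<a target="_blank" href="' . $href . '">' . $text . '</a>' . "\n";
        }
    } finally {
        closedir($handle);
    }
}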
检查网站是否宕机
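/**
 * Fetches $url with a 5 s timeout and reports whether it answered with a 2xx status.
 *
 * TLS verification is left at curl's secure defaults. The original disabled
 * peer and host verification (so a spoofed endpoint would pass the "site is
 * up" check) and forced SSLv3, which modern libcurl builds no longer support,
 * making every https check fail. Only http/https are allowed so a
 * caller-supplied URL cannot steer curl at file:// or other schemes.
 * Redirects are not followed, as in the original.
 *
 * @param string $url absolute http(s) URL
 * @return bool true when the HTTP status is in [200, 300)
 */
function Visit($url)
{
    $agent = "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)";
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_USERAGENT, $agent);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_VERBOSE, false);
    // Bound both the connect phase and the whole transfer.
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
    curl_setopt($ch, CURLOPT_TIMEOUT, 5);
    curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    // The body is not needed; only the status code decides the result.
    curl_exec($ch);
    $httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);
    return $httpcode >= 200 && $httpcode < 300;
}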
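// Demo call: prints the result of checking a single site.
if (Visit("http://www.google.com")) {
    // The original echoed a literal "n"; a trailing newline is clearly what was meant.
    echo "Website OK" . "\n";
} else {
    echo "Website DOWN";
}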
简单的 php 防注入、防跨站 函数
/**
 * Blacklist scrubber: strips a fixed set of characters, then strips substrings
 * matching a list of HTML/JS/SQL-looking patterns, then HTML-encodes the result.
 *
 * This is best-effort filtering, not a defence against SQL injection or XSS:
 * a blacklist cannot enumerate every payload, and the removal also mangles
 * legitimate input (commas, parentheses, "+", "@" and line breaks are dropped
 * outright). SQL values belong in prepared statements and HTML output needs
 * context-specific encoding; the final htmlentities() call is the only step
 * here with a reliable guarantee, and only for an HTML context.
 *
 * @param string $str_string raw input
 * @return string filtered and HTML-encoded text
 */
function fn_safe($str_string) {
    // Characters removed wherever they appear.
    $blockedChars = [
        "|", ";", "$", "@", "+", "\t", "\r", "\n", ",", "(", ")", PHP_EOL,
    ];
    // Patterns removed in order; each one sees the output of the previous one.
    $blockedPatterns = [
        /* -------- cross-site scripting -------- */
        // HTML tags that can load or run script
        "/<(script|frame|iframe|bgsound|link|object|applet|embed|blink|style|layer|ilayer|base|meta)\s+\S*>/i",
        // HTML event-handler attributes
        "/on(afterprint|beforeprint|beforeunload|error|haschange|load|message|offline|online|pagehide|pageshow|popstate|redo|resize|storage|undo|unload|blur|change|contextmenu|focus|formchange|forminput|input|invalid|reset|select|submit|keydown|keypress|keyup|click|dblclick|drag|dragend|dragenter|dragleave|dragover|dragstart|drop|mousedown|mousemove|mouseout|mouseover|mouseup|mousewheel|scroll|abort|canplay|canplaythrough|durationchange|emptied|ended|error|loadeddata|loadedmetadata|loadstart|pause|play|playing|progress|ratechange|readystatechange|seeked|seeking|stalled|suspend|timeupdate|volumechange|waiting)\s*=\s*(\"|')?\S*(\"|')?/i",
        // attributes whose value is a javascript:/vbscript: URL
        "/\w+\s*=\s*(\"|')?(java|vb)script:\S*(\"|')?/i",
        // JS object access
        "/(document|location)\s*\.\s*\S*/i",
        // JS function calls
        "/(eval|alert|prompt|msgbox)\s*\(.*\)/i",
        // CSS expression()
        "/expression\s*:\s*\S*/i",
        /* -------- SQL injection -------- */
        // SHOW databases | tables | index | columns
        "/show\s+(databases|tables|index|columns)/i",
        // CREATE database | table | index | view | procedure
        "/create\s+(database|table|(unique\s+)?index|view|procedure|proc)/i",
        // ALTER database | table
        "/alter\s+(database|table)/i",
        // DROP database | table | index | view | column
        "/drop\s+(database|table|index|view|column)/i",
        // BACKUP database | log
        "/backup\s+(database|log)/i",
        // TRUNCATE table
        "/truncate\s+table/i",
        // REPLACE view
        "/replace\s+view/i",
        // ADD | CHANGE column
        "/(add|change)\s+column/i",
        // SELECT | UPDATE | DELETE ... FROM
        "/(select|update|delete)\s+\S*\s+from/i",
        // INSERT INTO
        "/insert\s+into/i",
        // SQL file function
        "/load_file\s*\(.*\)/i",
        // OUTFILE | INFILE with a quoted path
        "/(outfile|infile)\s+(\"|')?\S*(\"|')/i",
    ];

    $filtered = $str_string;
    foreach ($blockedChars as $char) {
        $filtered = str_ireplace($char, "", $filtered);
    }
    foreach ($blockedPatterns as $pattern) {
        $filtered = preg_replace($pattern, "", $filtered);
    }
    return htmlentities($filtered, ENT_QUOTES, "UTF-8", true);
}