Normalization
Friday, December 12, 2008
-php-
Email check:
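function checkEmail($email){
    // The D modifier makes $ match only at the very end of the string, so an
    // address followed by a trailing newline is rejected.
    return preg_match('/^\S+@[\w\d.-]{2,}\.[\w]{2,6}$/iUD', $email) ? TRUE : FALSE;
}
function safeEmail($string)
{
    // Strip CR, LF, tab and the URL-encoded forms %0A, %0D, %08, %09.
    return preg_replace( '((?:\n|\r|\t|%0A|%0D|%08|%09)+)i' , '', $string );
}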
%27 = '   %2D = -   %3B = ;   %23 = #
2.1 Regular expressions for detecting SQL meta-characters
/(\%27)|(\')|(\-\-)|(\%23)|(\#)/ix
/((\%3D)|(=))[^\n]*((\%27)|(\')|(\-\-)|(\%3B)|(;))/i
/\w*((\%27)|(\'))((\%6F)|o|(\%4F))((\%72)|r|(\%52))/ix
/((\%27)|(\'))union/ix
/exec(\s|\+)+(s|x)p\w+/ix
/((\%3C)|<)((\%2F)|\/)*[a-z0-9\%]+((\%3E)|>)/ix
/((\%3C)|<)((\%69)|i|(\%49))((\%6D)|m|(\%4D))((\%67)|g|(\%47))[^\n]+((\%3E)|>)/i
%3C%73%63%72%69%70%74%3E = <script>
/((\%3C)|<)[^\n]+((\%3E)|>)/i
"htmlspecialchars()", "htmlentities()", "mysql_real_escape_string()"
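
The signatures listed above, run over a few constructed query strings to show what they flag, including a false positive on an ordinary apostrophe. This is an added example, not code from the original post; the signature labels, function names and sample inputs are assumptions made for illustration.

```php
<?php
// Added example. Labels and samples are constructed; patterns are the page's,
// as PHP PCRE literals (# escaped for the x modifier, lowercase i modifier).
const SIGNATURES = [
    'sql-meta'   => '/(\%27)|(\')|(\-\-)|(\%23)|(\#)/ix',
    'sql-assign' => '/((\%3D)|(=))[^\n]*((\%27)|(\')|(\-\-)|(\%3B)|(;))/i',
    'sql-or'     => '/\w*((\%27)|(\'))((\%6F)|o|(\%4F))((\%72)|r|(\%52))/ix',
    'sql-union'  => '/((\%27)|(\'))union/ix',
    'sql-exec'   => '/exec(\s|\+)+(s|x)p\w+/ix',
    'xss-tag'    => '/((\%3C)|<)((\%2F)|\/)*[a-z0-9\%]+((\%3E)|>)/ix',
    'xss-img'    => '/((\%3C)|<)((\%69)|i|(\%49))((\%6D)|m|(\%4D))((\%67)|g|(\%47))[^\n]+((\%3E)|>)/i',
    'xss-any'    => '/((\%3C)|<)[^\n]+((\%3E)|>)/i',
];

// Return the labels of every signature matching one raw (still URL-encoded)
// "name=value" pair. A pattern that fails to compile is an error, not a miss.
function matchSignatures(string $pair): array
{
    $hits = [];
    foreach (SIGNATURES as $label => $pattern) {
        $result = preg_match($pattern, $pair);
        if ($result === false) {
            throw new RuntimeException("pattern failed: $label");
        }
        if ($result === 1) {
            $hits[] = $label;
        }
    }
    return $hits;
}

// Scan a raw query string pair by pair; only pairs with hits are reported.
function scanQuery(string $rawQuery): array
{
    $report = [];
    foreach (explode('&', $rawQuery) as $pair) {
        $hits = matchSignatures($pair);
        if ($hits) {
            $report[$pair] = $hits;
        }
    }
    return $report;
}

// Constructed inputs: benign, a surname with an apostrophe, an encoded tag.
$samples = ['page=2&sort=asc', "author=O'Reilly", 'c=%3C%73%63%72%69%70%74%3E'];
foreach ($samples as $query) {
    echo $query, ' => ', json_encode(scanQuery($query)), "\n";
}
```

Because a legitimate value such as a surname with an apostrophe trips the meta-character rules, hits from these patterns are a signal for logging and review; the escaping functions named above remain the control that protects the query or the page.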
