Data processing

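This article presents how a PHP program processes purchase order data. The program handles its input parameters safely and builds the purchase order data array, which ensures the safety and correctness of the data. The article also provides a method for filtering malicious code, the private function _safe.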
        // Build the purchase order row; request values go through _safe().
        $po_data = array(
                "shop_id"=>$shop_id,
                "name"=>$this->_safe($params["name"]),
                "supplier_id"=>$this->_safe($params["supplier_id"]),
                "branch_id"=>$this->_safe($params["branch_id"]),
                "po_bn"=>$this->_safe($this->generate_password("po")),
                "purchase_time"=>time(),
                "amount"=>$amount,
                "operator"=>$this->_safe($params['operator']),
                "po_type"=>$this->_safe($params["po_type"]),
                "arrive_time"=>$this->_safe($params["arrive_time"]),
                "deposit_balance"=>$this->_safe($params["deposit_balance"]),
                "product_cost"=>$this->_safe($product_cost),
                "delivery_cost"=>$this->_safe($params["delivery_cost"]),
                // When a memo is supplied, append a timestamp and the seller name.
                "memo"=>$this->_safe($params["memo"])?$this->_safe($params["memo"])." ".date("Y-m-d H:i:s",time())." By ".$this->sellerName."<br/>":"",
                // emergency is stored as received, without _safe(); it defaults to "false".
                "emergency"=>$params["emergency"]?$params["emergency"]:"false",
        );
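
    // Strips characters and tags from a request value before it is stored.
    private function _safe($str){
        // Characters and entities removed outright by str_replace() below.
        $html_string = array("&amp;", "&nbsp;", "'", '"', "<", ">", "\t", "\r");
        // Replacement table; defined but never used (the call below replaces with "").
        $html_clear = array("&", " ", "&#39;", "&quot;", "&lt;", "&gt;", "&nbsp; &nbsp; ", "");

        $js_string = array("/<script(.*)<\/script>/isU");
        $js_clear = array("");   // unused

        $frame_string = array("/<frame(.*)>/isU", "/<\/fram(.*)>/isU", "/<iframe(.*)>/isU", "/<\/ifram(.*)>/isU",);
        $frame_clear = array("", "", "", "");   // unused

        $style_string = array("/<style(.*)<\/style>/isU", "/<link(.*)>/isU", "/<\/link>/isU");
        $style_clear = array("", "", "");   // unused

        $str = trim($str);

        // Filter characters
        $str = str_replace($html_string, "", $str);

        // Filter JS
        // "<" and ">" were already removed above, so this pattern and the
        // frame and style patterns below have nothing left to match.
        $str = preg_replace($js_string, "", $str);

        // Filter iframe
        $str = preg_replace($frame_string, "", $str);

        // Filter style
        $str = preg_replace($style_string, "", $str);

        return $str;
    }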
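
The same purchase order fields checked by type and encoded only at output, as an added example that is not part of the original post. This is a different technique from the character stripping in _safe; validate_po_params() and e() are hypothetical helpers, and the rules they enforce (integer ids, non-negative amounts, "true"/"false" for emergency, a 255-byte text limit) are assumptions.

```php
<?php
// Added example. validate_po_params() and e() are hypothetical helpers.
// Assumed rules: ids are positive integers, amounts are non-negative numbers,
// emergency is "true" or "false", free text is at most 255 bytes.
function validate_po_params(array $params): array
{
    $clean = [];
    $errors = [];
    foreach (["supplier_id", "branch_id"] as $key) {
        $v = filter_var($params[$key] ?? null, FILTER_VALIDATE_INT,
            ["options" => ["min_range" => 1]]);
        if ($v === false) { $errors[] = $key; } else { $clean[$key] = $v; }
    }
    foreach (["deposit_balance", "delivery_cost"] as $key) {
        $v = filter_var($params[$key] ?? null, FILTER_VALIDATE_FLOAT);
        if ($v === false || $v < 0) { $errors[] = $key; } else { $clean[$key] = $v; }
    }
    // Allowlist instead of storing whatever the request carried.
    $emergency = $params["emergency"] ?? "false";
    if (in_array($emergency, ["true", "false"], true)) { $clean["emergency"] = $emergency; }
    else { $errors[] = "emergency"; }
    // Free text is stored unchanged; it is encoded when rendered, not here.
    foreach (["name", "memo"] as $key) {
        $v = $params[$key] ?? "";
        if (!is_string($v) || strlen(trim($v)) > 255) {
            $errors[] = $key;
        } else {
            $clean[$key] = trim($v);
        }
    }
    return [$clean, $errors];
}

// Encode for an HTML context at output time.
function e(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
}

// Constructed sample request, not taken from the original post.
$sample = [
    "supplier_id" => "12", "branch_id" => "3", "deposit_balance" => "100.50",
    "delivery_cost" => "8", "emergency" => "true",
    "name" => "Spring <restock>", "memo" => "Call \"Li\" & confirm",
];
[$clean, $errors] = validate_po_params($sample);
echo empty($errors) ? "valid" : "rejected: " . implode(", ", $errors), "\n";
echo e($clean["name"]), " | ", e($clean["memo"]), "\n";
```

Values written to the database would still go through a parameterized query; the encoding in e() applies only to HTML output.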

 

Reposted from: https://www.cnblogs.com/sz-xioabai/p/7363495.html
