php 对输入信息的过滤代码

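// Define constants for input reading.
// INPUT_GET and INPUT_POST are also predefined by PHP's bundled filter
// extension. Calling define() on an existing constant fails with a
// notice/warning and keeps the built-in value, so only define what is missing.
// get_input_value() only compares $source against these names, so it works
// with either set of values.
if (!defined('INPUT_GET'))
        define('INPUT_GET', 0x0101);
if (!defined('INPUT_POST'))
        define('INPUT_POST', 0x0102);
if (!defined('INPUT_GPC'))
        define('INPUT_GPC', 0x0103);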


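/**
 * Read a request parameter and normalise it for internal use.
 *
 * Looks the field up in the selected superglobal, undoes magic-quotes
 * escaping on runtimes that can still apply it, and strips HTML tags unless
 * they are explicitly allowed. Array values (e.g. "name[]=a&name[]=b") are
 * filtered element by element; array keys are returned as received.
 *
 * Security note: strip_tags() is input clean-up, not output encoding. The
 * result can still contain quotes and ampersands, so it must be escaped for
 * the context it ends up in (htmlspecialchars() for HTML output, bound
 * parameters for SQL). With $allow_html = TRUE markup is returned untouched.
 *
 * @param string  $fname      Field name to read
 * @param int     $source     INPUT_GET, INPUT_POST or INPUT_GPC (POST, then GET, then COOKIE)
 * @param boolean $allow_html Keep HTML tags in the field value
 * @param string  $charset    Accepted for interface compatibility; no charset conversion is performed here
 * @return string|array|null Filtered value, or NULL if the field is not available
 */
function get_input_value($fname, $source, $allow_html=FALSE, $charset=NULL) {
        $value = NULL;

        // Strict comparison: a NULL/FALSE/'' $source must not loosely match an
        // integer constant whose value happens to be 0.
        if ($source === INPUT_GET && isset($_GET[$fname]))
                $value = $_GET[$fname];
        else if ($source === INPUT_POST && isset($_POST[$fname]))
                $value = $_POST[$fname];
        else if ($source === INPUT_GPC) {
                if (isset($_POST[$fname]))
                        $value = $_POST[$fname];
                else if (isset($_GET[$fname]))
                        $value = $_GET[$fname];
                else if (isset($_COOKIE[$fname]))
                        $value = $_COOKIE[$fname];
        }

        // missing or empty values (NULL, '', '0', array()) need no filtering
        if (empty($value))
                return $value;

        // Magic quotes were removed in PHP 5.4 and the get_magic_quotes_*()
        // functions no longer exist in PHP 8, where calling them is a fatal
        // error. Only consult them on runtimes that can still have the
        // feature switched on.
        $unquote = NULL;
        if (version_compare(PHP_VERSION, '5.4.0', '<')) {
                if (ini_get('magic_quotes_sybase'))
                        $unquote = 'sybase';
                else if (get_magic_quotes_gpc() || get_magic_quotes_runtime())
                        $unquote = 'slashes';
        }

        // no charset conversion is performed; $charset is currently ignored
        return _get_input_value_filter($value, $allow_html, $unquote);
}

/**
 * Apply un-quoting and tag stripping to one value, recursing into arrays.
 *
 * @param mixed       $value      String or (nested) array taken from a superglobal
 * @param boolean     $allow_html Keep HTML tags
 * @param string|null $unquote    'sybase', 'slashes' or NULL when no un-quoting is needed
 * @return mixed Filtered value with the same shape as the input
 */
function _get_input_value_filter($value, $allow_html, $unquote) {
        // stripslashes()/strip_tags() only accept strings, so walk arrays
        // instead of passing them through (a TypeError on PHP 8)
        if (is_array($value)) {
                foreach ($value as $key => $item)
                        $value[$key] = _get_input_value_filter($item, $allow_html, $unquote);
                return $value;
        }

        // strip doubled single quotes if magic_quotes_sybase is enabled
        if ($unquote === 'sybase')
                $value = str_replace("''", "'", $value);
        // strip slashes if magic_quotes is enabled
        else if ($unquote === 'slashes')
                $value = stripslashes($value);

        // remove HTML tags if not allowed
        if (!$allow_html)
                $value = strip_tags($value);

        return $value;
}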

  用法:get_input_value('_uid', INPUT_GET)
