防止SQL/XSS攻击
function clean($str)
{
$str=trim($str);
$str=strip_tags($str);
$str=stripslashes($str);
$str=addslashes($str);
$str=rawurldecode($str);
$str=quotemeta($str);
$str=htmlspecialchars($str);
$str=preg_replace("/\+|\*|\`|\/|\-|\$|\#|\^|\!|\@|\%|\&|\~|\^|\[|\]|\'|\"/", "", $str);//去除特殊符号+*`/-$#^~!@#$%&[]'"
$str=preg_replace("/\s/", "", $str);//去除空格、换行符、制表符
return $str;
}
function gjj($str)
{
$farr = array(
"/\\s+/",
"/<(\\/?)(script|i?frame|style|html|body|title|link|meta|object|\\?|\\%)([^>]*?)>/isU",
"/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU",
);
$str = preg_replace($farr,"",$str);
return addslashes($str);
}
function hg_input_bb($array)
{
if (is_array($array))
{
foreach($array AS $k => $v)
{
$array[$k] = hg_input_bb($v);
}
}
else
{
$array = gjj($array);
}
return $array;
}