1 /**
2 * html转换输出(只转义' " 保留Html正常运行)
3 * @param $param
4 * @return string
5 */
6 function htmlEscape($param) {
7 return trim(htmlspecialchars($param, ENT_QUOTES));
8 }
9
10 /**
11 * 是否数组(同时检测数组中是否存在值)
12 * @param $params
13 * @return boolean
14 */
15 function isArray($params) {
16 return (!is_array($params) || !count($params)) ? false : true;
17 }
18
19 /**
20 * 变量是否在数组中存在(参数容错, 字符串是否存在于数组中)
21 * @param $param
22 * @param $params
23 * @return boolean
24 */
25 function inArray($param, $params) {
26 return (!in_array((string)$param, (array)$params)) ? false : true;
27 }
28
29 /**
30 * 通用多类型混合转义函数
31 * @param $var
32 * @param $strip
33 * @param $isArray
34 * @return mixture
35 */
36 function sqlEscape($var, $strip = true, $isArray = false) {
37 if (is_array($var)) {
38 if (!$isArray) return " '' ";
39 foreach ($var as $key => $value) {
40 $var[$key] = trim(S::sqlEscape($value, $strip));
41 }
42 return $var;
43 } elseif (is_numeric($var)) {
44 return " '" . $var . "' ";
45 } else {
46 return " '" . addslashes($strip ? stripslashes($var) : $var) . "' ";
47 }
48}
49
50 /**
51 * 获取服务器变量
52 * @param $keys
53 * @return string
54 */
55 function getServer($keys) {
56 $server = array();
57 $array = (array) $keys;
58 foreach ($array as $key) {
59 $server[$key] = NULL;
60 if (isset($_SERVER[$key])) {
61 $server[$key] = str_replace(array('<','>','"',"'",'%3C','%3E','%22','%27','%3c','%3e'), '', $_SERVER[$key]);
62 }
63 }
64 return is_array($keys) ? $server : $server[$keys];
65 }
66
67 /**
68 * 变量转义
69 * @param $array
70 */
71 function slashes(&$array) {
72 if (is_array($array)) {
73 foreach ($array as $key => $value) {
74 if (is_array($value)) {
75 S::slashes($array[$key]);
76 } else {
77 $array[$key] = addslashes($value);
78 }
79 }
80 }
81 }
82
83 /**
84 * 目录转换
85 * @param unknown_type $dir
86 * @return string
87 */
88 function escapeDir($dir) {
89 $dir = str_replace(array("'",'#','=','`','$','%','&',';'), '', $dir);
90 return rtrim(preg_replace('/(\/){2,}|(\\\){1,}/', '/', $dir), '/');
91 }
92 /**
93 * 通用多类型转换
94 * @param $mixed
95 * @param $isint
96 * @param $istrim
97 * @return mixture
98 */
99 function escapeChar($mixed, $isint = false, $istrim = false) {
100 if (is_array($mixed)) {
101 foreach ($mixed as $key => $value) {
102 $mixed[$key] = S::escapeChar($value, $isint, $istrim);
103 }
104 } elseif ($isint) {
105 $mixed = (int) $mixed;
106 } elseif (!is_numeric($mixed) && ($istrim ? $mixed = trim($mixed) : $mixed) && $mixed) {
107 $mixed = S::escapeStr($mixed);
108 }
109 return $mixed;
110 }
111 /**
112 * 字符转换
113 * @param $string
114 * @return string
115 */
116 function escapeStr($string) {
117 $string = str_replace(array("\0","%00","\r"), '', $string); //modified@2010-7-5
118 $string = preg_replace(array('/[\\x00-\\x08\\x0B\\x0C\\x0E-\\x1F]/','/&(?!(#[0-9]+|[a-z]+);)/is'), array('', '&'), $string);
119 $string = str_replace(array("%3C",'<'), '<', $string);
120 $string = str_replace(array("%3E",'>'), '>', $string);
121 $string = str_replace(array('"',"'","\t",' '), array('"',''',' ',' '), $string);
122 return $string;
123 }
124 /**
125 * 变量检查
126 * @param $var
127 */
128 function checkVar(&$var) {
129 if (is_array($var)) {
130 foreach ($var as $key => $value) {
131 S::checkVar($var[$key]);
132 }
133 } elseif (P_W != 'admincp') {
134 $var = str_replace(array('..',')','<','='), array('..',')','<','='), $var);
135 } elseif (str_replace(array('<iframe','<meta','<script'), '', $var) != $var) {
136 global $basename;
137 $basename = 'javascript:history.go(-1);';
138 adminmsg('word_error');
139 }
140 }
