PHP Security Detection Code fragment (sharing) _php tips

Copy Code code as follows:

/**
* HTML conversion output (only escaped ' "Keep HTML running correctly)
* @param $param
* @return String
*/
function Htmlescape ($param) {
Return Trim (Htmlspecialchars ($param, ent_quotes));
}

/**
* Whether the array (also detects the existence of values in the array)
* @param $params
* @return Boolean
*/
function IsArray ($params) {
Return (!is_array ($params) | | |!count ($params))? False:true;
}

/**
* Whether the variable exists in the array (parameter tolerance, whether the string exists in the array)
* @param $param
* @param $params
* @return Boolean
*/
function InArray ($param, $params) {
Return (!in_array (String) $param, (array) $params))? False:true;
}

/**
* Generic multi-type mixed escape function
* @param $var
* @param $strip
* @param $isArray
* @return Mixture
*/
function Sqlescape ($var, $strip = True, $isArray = False) {
if (Is_array ($var)) {
if (! $isArray) return "";
foreach ($var as $key => $value) {
$var [$key] = Trim (S::sqlescape ($value, $strip));
}
return $var;
} elseif (Is_numeric ($var)) {
Return "'". $var. "' ";
} else {
Return "'". Addslashes ($strip stripslashes ($var): $var). "' ";
}
}

/**
* Get Server variables
* @param $keys
* @return String
*/
function Getserver ($keys) {
$server = Array ();
$array = (array) $keys;
foreach ($array as $key) {
$server [$key] = NULL;
if (Isset ($_server[$key])) {
$server [$key] = Str_replace (' < ', ' > ', ' "', ' '", '%3c ', '%3e ', '%22 ', '%27 ', '%3c ', '%3e '), ' ", $_server[$key]);
}
}
Return Is_array ($keys)? $server: $server [$keys];
}

/**
* Variable Escape
* @param $array
*/
function slashes (& $array) {
if (Is_array ($array)) {
foreach ($array as $key => $value) {
if (Is_array ($value)) {
S::slashes ($array [$key]);
} else {
$array [$key] = addslashes ($value);
}
}
}
}

/**
* Directory Conversion
* @param unknown_type $dir
* @return String
*/
function Escapedir ($dir) {
$dir = Str_replace (Array ("'", ' # ', ' = ', ' ', ' $ ', '% ', ' & ', '; '), ', $dir);
return RTrim (Preg_replace ('/\/) {2,}| ( \\\) {1,}/', '/', $dir), '/');
}
/**
* Common multi-type conversions
* @param $mixed
* @param $isint
* @param $istrim
* @return Mixture
*/
function Escapechar ($mixed, $isint = False, $istrim = False) {
if (Is_array ($mixed)) {
foreach ($mixed as $key => $value) {
$mixed [$key] = S::escapechar ($value, $isint, $istrim);
}
} elseif ($isint) {
$mixed = (int) $mixed;
ElseIf!is_numeric ($mixed) && ($istrim $mixed = Trim ($mixed): $mixed) && $mixed) {
$mixed = S::escapestr ($mixed);
}
return $mixed;
}
/**
* Character Conversion
* @param $string
* @return String
*/
function Escapestr ($string) {
$string = Str_replace (Array ("", "%00", "\ R"), ", $string); Modified@2010-7-5
$string = preg_replace (Array ('/[\\x00-\\x08\\x0b\\x0c\\x0e-\\x1f]/', '/& ') (?!) (#[0-9]+| [a-z]+);)/is '), Array (', ' & '), $string);
$string = Str_replace (Array ("%3c", ' < '), ' < ', $string);
$string = Str_replace (Array ("%3e", ' > '), ' > ', $string);
$string = str_replace (Array (' "'," ' "," \ T ", '), Array ('" ', ', ', ', ', '), $string);
return $string;
}
/**
* Variable Check
* @param $var
*/
Function Checkvar (& $var) {
if (Is_array ($var)) {
foreach ($var as $key => $value) {
S::checkvar ($var [$key]);
}
} elseif (P_w!= ' ADMINCP ') {
$var = Str_replace (' ... ', ') ', ' < ', ' = '), Array (' ... ', ') ', ' < ', ' = '), $var);
ElseIf (Str_replace (' <iframe ', ' <meta ', ' <script '), ', $var)!= $var) {
Global $basename;
$basename = ' Javascript:history.go (-1); ';
Adminmsg (' Word_error ');
}
}