PHP Filters all malicious characters

  recently DEDECMS reported vulnerabilities, here to share the filter function of PHP, Daniel floated over bar, to the small black wide to learn exchange with

Function code:   Code as follows://php bulk filter Post,get sensitive data   if (GET_MAGIC_QUOTES_GPC ()) {  $_get = Stripslashes_array ($_get); &n Bsp $_post = Stripslashes_array ($_post); }  function Stripslashes_array (& $array) {  while ($key, $ var) = each ($array)) {  if ($key!= ' argc ' && $key!= ' argv ' && (Strtoupper ($key)!= $key | | '. Intval ($key) = = "$key") {  if (is_string ($var)) {  $array [$key] = stripslashes ($var); }  if (is_a Rray ($var)) {  $array [$key] = Stripslashes_array ($var); } } }  return $array; } / /filter   function HTMLEncode ($STR) {  if (empty ($STR)) return;  if ($str = "") return $str;  $str =trim ($ STR);  $str =str_replace ("&", "&", $str);  $str =str_replace (">", ">", $str);  $str =str_ Replace ("<", "<", $str);  $str =str_replace (CHR), "", $str);  $str =str_replace (Chr (9), "", $str);   $STR =str_replace (Chr (9), "", $str);  $str =str_replaCE (CHR), "&", $str);  $str =str_replace (Chr (), "'", $str);  $str =str_replace (CHR),  , $STR );  $str =str_replace ("'", "" ", $str);  $str =str_replace (" Select "," select ", $str);  $str =str_replace ( "Script", "script", $str);  $str =str_replace ("script", "script", $str);  $str =str_replace ("Join", "join", $ STR);  $str =str_replace ("union", "union", $str);  $str =str_replace ("where", "where", $str);  $str =str_ Replace ("Insert", "Insert", $str);  $str =str_replace ("delete", "delete", $str);  $str =str_replace ("Update" , "Update", $STR);  $str =str_replace ("like", "like", $str);  $str =str_replace ("Drop", "drop", $STR);  $ Str=str_replace ("Create", "create", $str);  $str =str_replace ("Modify", "Modify", $str);  $str =str_replace ( "Rename", "Rename", $str);  $str =str_replace ("Alter", "Alter", $STR);  $str =str_replace ("Cast", "CAS", $STR) ;  return $str; } /decoder   function HtmlDecode ($STR) {  if (empty ($STR)) return;  if ($str = = "") return $str;  $str =str_replace ("Select", "select", $str);  $str =str_replace ("Join", " Join ", $STR);  $str =str_replace (" union "," union ", $str);  $str =str_replace (" where "," where ", $str);  $ Str=str_replace ("Insert", "Insert", $str);  $str =str_replace ("delete", "delete", $str);  $str =str_replace ( "Update", "Update", $STR);  $str =str_replace ("like", "like", $str);  $str =str_replace ("Drop", "drop", $str);   $STR =str_replace ("Create", "create", $str);  $str =str_replace ("Modify", "Modify", $str);  $str =str_ Replace ("rename", "Rename", $str);  $str =str_replace ("Alter", "Alter", $STR);  $str =str_replace ("cas", " Cast ", $str);  $str =str_replace (" & "," & ", $str);  $str =str_replace (" > "," > ", $str);  $str =str_replace ("<", "<", $str);  $str =str_replace ("", Chr (), $str);  $str =str_replace ("", Chr (9), $STR );  $str =str_replace ("", Chr (9), $str);  $str =str_replace ("&", Chr (), $str);  $str =str_replace ("'", Chr (), $str);  $str =str_replace (" ", Chr (), $str);  $str =str_replace ("" "," ", $str) ;  return $str; } /function: String_filter ($string, $match _type=1)  //function: Filter illegal content  //parameter: //$s Tring need to check the string  //$match _type match type, 1 for exact match, 2 for fuzzy match, default for 1 // //return: Illegal content return true, no illegal content return false // Other: illegal keyword list saved in txt file, divided into common illegal keywords and serious illegal keywords two list  //author:heiyeluren //Time:2006-1-18 // //============ ==========================================================  function Lib_lawless_string_filter ($string, $ match_type=1)   { //String null directly returns illegal   $string = Trim ($string);  if (empty ($string))   {  return false; } //Get an important list of keywords and a list of common keywords   $common _file = "Common_list.txt"; Universal Filter Keyword list   $signify _file = "Signify_list.txt"; Important Filter Keywords list  //If no list file exists direct return false, otherwise read two file list to two array   if (!file_exists ($common _file) | |!file_exists ($ signify_file))   {  return false; }&nbsP $common _list = file ($common _file);  $signify _list = file ($signify _file); //Exact match   if ($match _type = 1) & nbsp {  $is _lawless = Exact_match ($string, $common _list); } //Fuzzy matching   if ($match _type = = 2)   {  $ is_lawless = Blur_match ($string, $common _list, $signify _list); } //Determine whether there is data in the array of retrieved results, and if so, prove to be illegal   if (is_ Array ($is _lawless) &&!empty ($is _lawless))   {  return true; }  else {  return false;& nbsp } } //--------------------- //exact match for filtration service  //---------------------  function Exact_match ( $string, $common _list)   {  $string = Trim ($string);  $string = Lib_replace_end_tag ($string); // Retrieves the generic filter keyword list   foreach ($common _list as $block)   {  $block = Trim ($block);  if (Preg_match ("/^ $string $ /i ", $block))   {  $blist [] = $block; } } //Judge There is no filtered content in the array   if (!empty ($blist))   {&NB Sp Return Array_unique ($blist); &nBsp }  return false; } //---------------------- //fuzzy matching, for filtering services  //----------------------  function Blur_match ($string, $common _list, $signify _list)   {  $string = Trim ($string);  $s _len = strlen ($ String);  $string = Lib_replace_end_tag ($string); //Retrieving Generic filter keywords list   foreach ($common _list as $block)   {  $block = Trim ($block);  if (Preg_match ("/^ $string $/i", $block))   {  $blist [] = $block; &nbsp ; } } //Retrieving Critical filter keywords list   foreach ($signify _list as $block)   {  $block = Trim ($block);  if ($s _le N>=strlen ($block) && preg_match ("/$block/I", $string))   {  $blist [] = $block; } }  //Judge if there is no filtered content in the array   if (!empty ($blist))   {  return Array_unique ($blist); }  return false;  } //-------------------------- //replace HTML tail tag, for filter services  //--------------------------  function Lib_replace_end_tag ($str)   {  if (empty($STR)) return false;  $str = Htmlspecialchars ($str);  $str = Str_replace ('/', "", $str);  $str = Str_replace ("", "", $str);  $str = Str_replace (">", "", $str);  $str = Str_replace ("<", "", $str);  $str = Str_replac E ("", "", $str);  $str = Str_replace ("", "", $str);  $str =str_replace ("Select", "select", $str);  $str =str _replace ("Join", "join", $str);  $str =str_replace ("union", "union", $str);  $str =str_replace ("where", " where ", $str);  $str =str_replace (" Insert "," Insert ", $str);  $str =str_replace (" delete "," delete ", $str);   $STR =str_replace ("Update", "Update", $STR);  $str =str_replace ("like", "like", $str);  $str =str_ Replace ("Drop", "drop", $str);  $str =str_replace ("Create", "create", $str);  $str =str_replace ("Modify", " Modify ", $str);  $str =str_replace (" rename "," Rename ", $str);  $str =str_replace (" Alter "," Alter ", $STR);   $STR =str_replace ("cas", "cast", $str);  $str =str_replace ("&", "&", $stR);  $str =str_replace (">", ">", $str);  $str =str_replace ("<", "<", $str);  $str =str_ Replace ("", Chr (), $str);  $str =str_replace ("", Chr (9), $str);  $str =str_replace ("", Chr (9), $STR);  $ Str=str_replace ("&", Chr, $str);  $str =str_replace ("'", Chr (), $str);  $str =str_replace (" " , Chr (), $str);  $str =str_replace ("" "," ", $str);  $str =str_replace (" CSS "," ' ", $str);  $str =str_ Replace ("CSS", "'", $str);  return $str; //html tag, which can be used as an extended filter  /*  $tags = Array ("/html", "/head", "/ Body ","/div ","/span ","/doctype ","/title ","/link ","/meta ","/style ","/P ","/h1, ","/h2, ","/h3, ","/h4, "", ""/h5, "", "" H6 ","/strong ","/em ","/abbr ","/acronym ","/address ","/bdo ","/blockquote ","/cite "," Q ","/code ","/ins ","/del "," D FN ","/KBD ","/pre ","/samp ","/var ","/br ","/A ","/img ","/area ","/map ","/object ","/param ","/ul ","/ol ","/li ","/DL " ","/dt ","/dd ","/table ","/tr ","/td ","/th ","/tbody ","/thead "," tFoot ","/col ","/colgroup ","/caption ","/form ","/input ","/textarea ","/select ","/option ","/optgroup ","/button "," l Abel ","/fieldset ","/legend ","/script ","/noscript ","/b "," I ","/tt ","/sub ","/sup ","/big ","/small ","/hr ");  */}     Code:   Reference is directly like this:   code is as follows: $xxx = htmlspecialchars ($_post[' xxx '));   or code as follows: $xxx = htmlspecialchars ($_get[' xxx '));