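/**
 * Process submitted data for display in an HTML page.
 *
 * Despite its name, this function encodes rather than decodes. It strips tags,
 * HTML-encodes what is left, turns newlines into <br />, and then removes a
 * fixed list of punctuation characters and SQL-looking words.
 *
 * Security notes for maintainers:
 *  - The return value is safe only in an HTML body context. It is already
 *    entity-encoded and contains <br /> markup, so it must not be encoded
 *    again and must not be used to build SQL, shell commands or URLs.
 *  - The keyword list is not a SQL-injection control. It also corrupts
 *    ordinary text ("selection", "unlike", "broadcast"). Use prepared
 *    statements with bound parameters where the query is built.
 *  - The original listing built two regex arrays ($farr, $tarr) for tag and
 *    on-event filtering but never passed them to preg_replace(), so they had
 *    no effect. They are omitted here; strip_tags() and htmlspecialchars()
 *    have already dealt with "<" by that point.
 *
 * @param mixed $str Submitted value; anything non-scalar is treated as empty.
 * @return string    Filtered, HTML-encoded text ("" for empty input).
 */
function htmldecode($str)
{
    // empty() also treats the string "0" as empty, which would silently
    // discard a legitimate submitted value; test for the empty string instead.
    if (!is_scalar($str) || (string) $str === '') {
        return '';
    }
    $str = (string) $str;

    $str = strip_tags($str);
    // ENT_QUOTES encodes single quotes as well, so the result is also safe in
    // single-quoted attributes on PHP versions whose default is ENT_COMPAT.
    $str = htmlspecialchars($str, ENT_QUOTES);
    $str = nl2br($str);

    // Applied strictly in this order, one pass each, as in the original.
    // NOTE(review): the "? ", "! " and "~ " literals are copied as they appear
    // in the listing, which looks machine-translated; the original may have
    // used full-width punctuation. Confirm against the upstream file.
    $filters = array(
        array('? ', ' '),
        array('*', ''),
        array('! ', ' '),
        array('~ ', ' '),
        array('$', ''),
        array('%', ''),
        array('^', ''),   // the listing repeated this entry; once is enough
        array('select', ''),
        array('join', ''),
        array('union', ''),
        array('where', ''),
        array('insert', ''),
        array('delete', ''),
        array('update', ''),
        array('like', ''),
        array('drop', ''),
        array('create', ''),
        array('modify', ''),
        array('rename', ''),
        array('alter', ''),
        array('cast', ''),
    );
    foreach ($filters as $pair) {
        $str = str_replace($pair[0], $pair[1], $str);
    }

    return $str;
}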