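// Processing of submitted data

/**
 * Normalise one submitted form value before it is stored or echoed.
 *
 * Despite its name this function does not decode anything: it strips tags,
 * HTML-encodes what is left, converts newlines to <br /> and then deletes a
 * fixed list of punctuation characters and SQL keywords.
 *
 * Security notes for callers:
 *  - The character/keyword deny-list is defence in depth at best, and it
 *    mangles legitimate text (for example "unlike" loses "like"). SQL
 *    injection has to be prevented at the query site with prepared
 *    statements and bound parameters, not by editing the input.
 *  - The result is encoded for HTML element content and quoted attribute
 *    values only. Script, style and URL contexts need their own encoding.
 *
 * The listing this was taken from also built two arrays of tag and on-event
 * regular expressions but never ran them. They are left out here: once
 * strip_tags() and htmlspecialchars() have run, the only markup in the string
 * is the <br /> added by nl2br(), which those patterns do not target.
 *
 * @param mixed $str Raw submitted value.
 * @return string Filtered value; "" for empty or non-scalar input.
 */
function HtmlDecode($str)
{
    // Request parameters can arrive as arrays (name[]=...). The string
    // functions below only accept strings, so non-scalar input is rejected
    // instead of raising a warning or TypeError.
    if (!is_scalar($str)) {
        return "";
    }
    $str = (string) $str;

    // Compare with "" rather than calling empty(): empty("0") is true and
    // would silently discard a legitimate "0".
    if ($str === "") {
        return "";
    }

    $str = strip_tags($str);
    // Flags are spelled out because the default before PHP 8.1 left single
    // quotes unencoded; ENT_SUBSTITUTE keeps invalid byte sequences from
    // turning the whole value into an empty string.
    $str = htmlspecialchars($str, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $str = nl2br($str);

    // Characters first, then keywords, in the same order as the original
    // chain of str_replace() calls (the duplicated "^" entry is dropped).
    $blocked = array(
        '?', '*', '!', '~', '$', '%', '^',
        'select', 'join', 'union', 'where', 'insert', 'delete', 'update',
        'like', 'drop', 'create', 'modify', 'rename', 'alter', 'cast',
    );

    // Match case-insensitively, and repeat until the string stops changing:
    // a single pass can leave a listed word behind when the text on either
    // side of a removed match closes up. Every changing pass shortens the
    // string, so the loop terminates.
    do {
        $before = $str;
        $str = str_ireplace($blocked, '', $str);
    } while ($str !== $before);

    return $str;
}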