php输入post过滤函数,入库出库,显示

第一部分  php输入post过滤函数

function GLOBAL_POST($str)
{
	$str_origin=$str;
if (empty($str)) return false;

$str = str_replace( '/', "", $str);//替换关键词
$str = str_replace("\\", "", $str);
$str = str_replace("&gt", "", $str);
$str = str_replace("&lt", "", $str);
$str = str_replace("<SCRIPT>", "", $str);
$str = str_replace("</SCRIPT>", "", $str);
$str = str_replace("<script>", "", $str);
$str = str_replace("</script>", "", $str);
$str=str_replace("select","select",$str);
$str=str_replace("join","join",$str);
$str=str_replace("union","union",$str);
$str=str_replace("where","where",$str);
$str=str_replace("insert","insert",$str);
$str=str_replace("delete","delete",$str);
$str=str_replace("update","update",$str);
$str=str_replace("like","like",$str);
$str=str_replace("drop","drop",$str);
$str=str_replace("create","create",$str);
$str=str_replace("modify","modify",$str);
$str=str_replace("rename","rename",$str);
$str=str_replace("alter","alter",$str);
$str=str_replace("cas","cast",$str);
$str=str_replace("&","&",$str);
$str=str_replace(">",">",$str);
$str=str_replace("<","<",$str);
$str=str_replace("&emsp;","",$str);
$str=str_replace(" ","",$str);
$str=str_replace("	","",$str);
$str=str_replace("&","",$str);
$str=str_replace("'","",$str);
$str=str_replace("<br />",chr(13),$str);
$str=str_replace("''","'",$str);
$str=str_replace("css","'",$str);
$str=str_replace("CSS","'",$str);
$str=str_replace(";","",$str);
$str=str_replace("-","",$str);
$str=str_replace("*","",$str);
$str=str_replace("!","",$str);
$str=str_replace("$","",$str);
$str=str_replace("=","",$str);
$str=str_replace("+","",$str);
$str=str_replace("%","",$str);

$str = htmlspecialchars($str);//把预定义的字符 "<" (小于)和 ">" (大于)转换为 HTML 实体:
$str = strip_tags($str);//strip_tags() 函数剥去字符串中的 HTML、XML 以及 PHP 的标签。

if($str_origin==$str){
	return $str;
	}else{
return false;
	}
}

这个函数过滤了大部分值(您可错杀不放过)
不可用于code部分的输入。
仅仅用于用户名等注册内容。

其中一个空格是全角空格,dz不识别,程序自取

第二部分:入库出库显示

本文实例讲述了PHP数据的提交与过滤基本操作。分享给大家供大家参考,具体如下:

1、php提交数据过滤的基本原则

1)提交变量进数据库时,我们必须使用addslashes()进行过滤,像我们的注入问题,一个addslashes()也就搞定了。其实在涉及到变量取值时,intval()函数对字符串的过滤也是个不错的选择。

2)在php.ini中开启magic_quotes_gpc和magic_quotes_runtime。magic_quotes_gpc可以把get,post,cookie里的引号变为斜杠。
magic_quotes_runtime对于进出数据库的数据可以起到格式话的作用。其实,早在以前注入很疯狂时,这个参数就很流行了。

3)在使用系统函数时,必须使用escapeshellarg(),escapeshellcmd()参数去过滤,这样你也就可以放心的使用系统函数。

4)对于跨站,strip_tags(),htmlspecialchars()两个参数都不错,对于用户提交的的带有html和php的标记都将进行转换。比如尖括号"<"就将转化为 "<"这样无害的字符。

1

2

$new = htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES);

strip_tags($text,);

5)对于相关函数的过滤,就像先前的include(),unlink,fopen()等等,只要你把你所要执行操作的变量指定好或者对相关字符过滤严密,我想

这样也就无懈可击了。

2、PHP简单的数据过滤

1)入库:  trim($str),addslashes($str)

2)出库:  stripslashes($str)

3)显示:  htmlspecialchars(nl2br($str))

<?php
/**
 * global.func.php 公共函数库
 */
/**
 * 返回经addslashes处理过的字符串或数组
 * @param $string 需要处理的字符串或数组
 * @return mixed
 */
function new_addslashes($string){
 if(!is_array($string)) return addslashes($string);
 foreach($string as $key => $val) $string[$key] = new_addslashes($val);
 return $string;
}
/**
 * 返回经stripslashes处理过的字符串或数组
 * @param $string 需要处理的字符串或数组
 * @return mixed
 */
function new_stripslashes($string) {
 if(!is_array($string)) return stripslashes($string);
 foreach($string as $key => $val) $string[$key] = new_stripslashes($val);
 return $string;
}
/**
 * 返回经htmlspecialchars处理过的字符串或数组
 * @param $obj 需要处理的字符串或数组
 * @return mixed
 */
function new_html_special_chars($string) {
 $encoding = 'utf-8';
 if(strtolower(CHARSET)=='gbk') $encoding = 'ISO-8859-15';
 if(!is_array($string)) return htmlspecialchars($string,ENT_QUOTES,$encoding);
 foreach($string as $key => $val) $string[$key] = new_html_special_chars($val);
 return $string;
}
function new_html_entity_decode($string) {
 $encoding = 'utf-8';
 if(strtolower(CHARSET)=='gbk') $encoding = 'ISO-8859-15';
 return html_entity_decode($string,ENT_QUOTES,$encoding);
}
function new_htmlentities($string) {
 $encoding = 'utf-8';
 if(strtolower(CHARSET)=='gbk') $encoding = 'ISO-8859-15';
 return htmlentities($string,ENT_QUOTES,$encoding);
}
/**
 * 安全过滤函数
 *
 * @param $string
 * @return string
 */
function safe_replace($string) {
 $string = str_replace('%20','',$string);
 $string = str_replace('%27','',$string);
 $string = str_replace('%2527','',$string);
 $string = str_replace('*','',$string);
 $string = str_replace('"','&quot;',$string);
 $string = str_replace("'",'',$string);
 $string = str_replace('"','',$string);
 $string = str_replace(';','',$string);
 $string = str_replace('<','&lt;',$string);
 $string = str_replace('>','&gt;',$string);
 $string = str_replace("{",'',$string);
 $string = str_replace('}','',$string);
 $string = str_replace('\\','',$string);
 return $string;
}
/**
 * xss过滤函数
 *
 * @param $string
 * @return string
 */
function remove_xss($string) {
 $string = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/S', '', $string);
 $parm1 = Array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
 $parm2 = Array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
 $parm = array_merge($parm1, $parm2);
 for ($i = 0; $i < sizeof($parm); $i++) {
  $pattern = '/';
  for ($j = 0; $j < strlen($parm[$i]); $j++) {
   if ($j > 0) {
    $pattern .= '(';
    $pattern .= '(&#[x|X]0([9][a][b]);?)?';
    $pattern .= '|(&#0([9][10][13]);?)?';
    $pattern .= ')?';
   }
   $pattern .= $parm[$i][$j];
  }
  $pattern .= '/i';
  $string = preg_replace($pattern, ' ', $string);
 }
 return $string;
}
/**
 * 过滤ASCII码从0-28的控制字符
 * @return String
 */
function trim_unsafe_control_chars($str) {
 $rule = '/[' . chr ( 1 ) . '-' . chr ( 8 ) . chr ( 11 ) . '-' . chr ( 12 ) . chr ( 14 ) . '-' . chr ( 31 ) . ']*/';
 return str_replace ( chr ( 0 ), '', preg_replace ( $rule, '', $str ) );
}
/**
 * 格式化文本域内容
 *
 * @param $string 文本域内容
 * @return string
 */
function trim_textarea($string) {
 $string = nl2br ( str_replace ( ' ', '&nbsp;', $string ) );
 return $string;
}
/**
 * 将文本格式成适合js输出的字符串
 * @param string $string 需要处理的字符串
 * @param intval $isjs 是否执行字符串格式化,默认为执行
 * @return string 处理后的字符串
 */
function format_js($string, $isjs = 1) {
 $string = addslashes(str_replace(array("\r", "\n", "\t"), array('', '', ''), $string));
 return $isjs ? 'document.write("'.$string.'");' : $string;
}
/**
 * 转义 javascript 代码标记
 *
 * @param $str
 * @return mixed
 */
 function trim_script($str) {
 if(is_array($str)){
  foreach ($str as $key => $val){
   $str[$key] = trim_script($val);
  }
  }else{
   $str = preg_replace ( '/\<([\/]?)script([^\>]*?)\>/si', '&lt;\\1script\\2&gt;', $str );
  $str = preg_replace ( '/\<([\/]?)iframe([^\>]*?)\>/si', '&lt;\\1iframe\\2&gt;', $str );
  $str = preg_replace ( '/\<([\/]?)frame([^\>]*?)\>/si', '&lt;\\1frame\\2&gt;', $str );
  $str = str_replace ( 'javascript:', 'javascript:', $str );
  }
 return $str;
}
/**
 * 获取当前页面完整URL地址
 */
function get_url() {
 $sys_protocal = isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == '443' ? 'https://' : 'http://';
 $php_self = $_SERVER['PHP_SELF'] ? safe_replace($_SERVER['PHP_SELF']) : safe_replace($_SERVER['SCRIPT_NAME']);
 $path_info = isset($_SERVER['PATH_INFO']) ? safe_replace($_SERVER['PATH_INFO']) : '';
 $relate_url = isset($_SERVER['REQUEST_URI']) ? safe_replace($_SERVER['REQUEST_URI']) : $php_self.(isset($_SERVER['QUERY_STRING']) ? '?'.safe_replace($_SERVER['QUERY_STRING']) : $path_info);
 return $sys_protocal.(isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '').$relate_url;
}
/**
 * 字符截取 支持UTF8/GBK
 * @param $string
 * @param $length
 * @param $dot
 */
function str_cut($string, $length, $dot = '...') {
 $strlen = strlen($string);
 if($strlen <= $length) return $string;
 $string = str_replace(array(' ','&nbsp;', '&amp;', '&quot;', '&#039;', '&ldquo;', '&rdquo;', '&mdash;', '&lt;', '&gt;', '&middot;', '&hellip;'), array('∵',' ', '&', '"', "'", '“', '”', '—', '<', '>', '·', '…'), $string);
 $strcut = '';
 if(strtolower(CHARSET) == 'utf-8') {
  $length = intval($length-strlen($dot)-$length/3);
  $n = $tn = $noc = 0;
  while($n < strlen($string)) {
   $t = ord($string[$n]);
   if($t == 9 || $t == 10 || (32 <= $t && $t <= 126)) {
    $tn = 1; $n++; $noc++;
   } elseif(194 <= $t && $t <= 223) {
    $tn = 2; $n += 2; $noc += 2;
   } elseif(224 <= $t && $t <= 239) {
    $tn = 3; $n += 3; $noc += 2;
   } elseif(240 <= $t && $t <= 247) {
    $tn = 4; $n += 4; $noc += 2;
   } elseif(248 <= $t && $t <= 251) {
    $tn = 5; $n += 5; $noc += 2;
   } elseif($t == 252 || $t == 253) {
    $tn = 6; $n += 6; $noc += 2;
   } else {
    $n++;
   }
   if($noc >= $length) {
    break;
   }
  }
  if($noc > $length) {
   $n -= $tn;
  }
  $strcut = substr($string, 0, $n);
  $strcut = str_replace(array('∵', '&', '"', "'", '“', '”', '—', '<', '>', '·', '…'), array(' ', '&amp;', '&quot;', '&#039;', '&ldquo;', '&rdquo;', '&mdash;', '&lt;', '&gt;', '&middot;', '&hellip;'), $strcut);
 } else {
  $dotlen = strlen($dot);
  $maxi = $length - $dotlen - 1;
  $current_str = '';
  $search_arr = array('&',' ', '"', "'", '“', '”', '—', '<', '>', '·', '…','∵');
  $replace_arr = array('&amp;','&nbsp;', '&quot;', '&#039;', '&ldquo;', '&rdquo;', '&mdash;', '&lt;', '&gt;', '&middot;', '&hellip;',' ');
  $search_flip = array_flip($search_arr);
  for ($i = 0; $i < $maxi; $i++) {
   $current_str = ord($string[$i]) > 127 ? $string[$i].$string[++$i] : $string[$i];
   if (in_array($current_str, $search_arr)) {
    $key = $search_flip[$current_str];
    $current_str = str_replace($search_arr[$key], $replace_arr[$key], $current_str);
   }
   $strcut .= $current_str;
  }
 }
 return $strcut.$dot;
}
/**
 * 获取请求ip
 *
 * @return ip地址
 */
function ip() {
 if(getenv('HTTP_CLIENT_IP') && strcasecmp(getenv('HTTP_CLIENT_IP'), 'unknown')) {
  $ip = getenv('HTTP_CLIENT_IP');
 } elseif(getenv('HTTP_X_FORWARDED_FOR') && strcasecmp(getenv('HTTP_X_FORWARDED_FOR'), 'unknown')) {
  $ip = getenv('HTTP_X_FORWARDED_FOR');
 } elseif(getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) {
  $ip = getenv('REMOTE_ADDR');
 } elseif(isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) {
  $ip = $_SERVER['REMOTE_ADDR'];
 }
 return preg_match ( '/[\d\.]{7,15}/', $ip, $matches ) ? $matches [0] : '';
}
function get_cost_time() {
 $microtime = microtime ( TRUE );
 return $microtime - SYS_START_TIME;
}
/**
 * 程序执行时间
 *
 * @return int 单位ms
 */
function execute_time() {
 $stime = explode ( ' ', SYS_START_TIME );
 $etime = explode ( ' ', microtime () );
 return number_format ( ($etime [1] + $etime [0] - $stime [1] - $stime [0]), 6 );
}
/**
* 将字符串转换为数组
*
* @param string $data 字符串
* @return array 返回数组格式,如果,data为空,则返回空数组
*/
function string2array($data) {
 if($data == '') return array();
 $data = stripslashes($data);
 @eval("\$array = $data;");
 return $array;
}
/**
* 将数组转换为字符串
*
* @param array $data  数组
* @param bool $isformdata 如果为0,则不使用new_stripslashes处理,可选参数,默认为1
* @return string 返回字符串,如果,data为空,则返回空
*/
function array2string($data, $isformdata = 1) {
 if($data == '') return '';
 if($isformdata) $data = new_stripslashes($data);
 return addslashes(var_export($data, TRUE));
}
/**
* 转换字节数为其他单位
*
*
* @param string $filesize 字节大小
* @return string 返回大小
*/
function sizecount($filesize) {
 if ($filesize >= 1073741824) {
  $filesize = round($filesize / 1073741824 * 100) / 100 .' GB';
 } elseif ($filesize >= 1048576) {
  $filesize = round($filesize / 1048576 * 100) / 100 .' MB';
 } elseif($filesize >= 1024) {
  $filesize = round($filesize / 1024 * 100) / 100 . ' KB';
 } else {
  $filesize = $filesize.' Bytes';
 }
 return $filesize;
}
/**
* 字符串加密、解密函数
*
*
* @param string $txt  字符串
* @param string $operation ENCODE为加密,DECODE为解密,可选参数,默认为ENCODE,
* @param string $key  密钥:数字、字母、下划线
* @param string $expiry  过期时间
* @return string
*/
function sys_auth($string, $operation = 'ENCODE', $key = '', $expiry = 0) {
 $key_length = 4;
 $key = md5($key != '' ? $key : app_base::load_config('system', 'auth_key'));
 $fixedkey = md5($key);
 $egiskeys = md5(substr($fixedkey, 16, 16));
 $runtokey = $key_length ? ($operation == 'ENCODE' ? substr(md5(microtime(true)), -$key_length) : substr($string, 0, $key_length)) : '';
 $keys = md5(substr($runtokey, 0, 16) . substr($fixedkey, 0, 16) . substr($runtokey, 16) . substr($fixedkey, 16));
 $string = $operation == 'ENCODE' ? sprintf('%010d', $expiry ? $expiry + time() : 0).substr(md5($string.$egiskeys), 0, 16) . $string : base64_decode(substr($string, $key_length));
 $i = 0; $result = '';
 $string_length = strlen($string);
 for ($i = 0; $i < $string_length; $i++){
  $result .= chr(ord($string{$i}) ^ ord($keys{$i % 32}));
 }
 if($operation == 'ENCODE') {
  return $runtokey . str_replace('=', '', base64_encode($result));
 } else {
  if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26).$egiskeys), 0, 16)) {
   return substr($result, 26);
  } else {
   return '';
  }
 }
}
/**
* 语言文件处理
*
* @param string  $language 标示符
* @param array  $pars 转义的数组,二维数组 ,'key1'=>'value1','key2'=>'value2',
* @param string  $modules 多个模块之间用半角逗号隔开,如:member,guestbook
* @return string  语言字符
*/
function L($language = 'no_language',$pars = array(), $modules = '') {
 static $LANG = array();
 static $LANG_MODULES = array();
 static $lang = '';
 if(defined('IN_ADMIN')) {
  $lang = SYS_STYLE ? SYS_STYLE : 'zh-cn';
 } else {
  $lang = app_base::load_config('system','lang');
 }
 if(!$LANG) {
  require_once CODE_PATH.'languages'.DIRECTORY_SEPARATOR.$lang.DIRECTORY_SEPARATOR.'system.lang.php';
  if(defined('IN_ADMIN')) require_once CODE_PATH.'languages'.DIRECTORY_SEPARATOR.$lang.DIRECTORY_SEPARATOR.'system_menu.lang.php';
  if(file_exists(CODE_PATH.'languages'.DIRECTORY_SEPARATOR.$lang.DIRECTORY_SEPARATOR.ROUTE_M.'.lang.php')) require_once CODE_PATH.'languages'.DIRECTORY_SEPARATOR.$lang.DIRECTORY_SEPARATOR.ROUTE_M.'.lang.php';
 }
 if(!empty($modules)) {
  $modules = explode(',',$modules);
  foreach($modules AS $m) {
   if(!isset($LANG_MODULES[$m])) require_once CODE_PATH.'languages'.DIRECTORY_SEPARATOR.$lang.DIRECTORY_SEPARATOR.$m.'.lang.php';
  }
 }
 if(!array_key_exists($language,$LANG)) {
  return $language;
 } else {
  $language = $LANG[$language];
  if($pars) {
   foreach($pars AS $_k=>$_v) {
    $language = str_replace('{'.$_k.'}',$_v,$language);
   }
  }
  return $language;
 }
}
/**
 * 模板调用
 *
 * @param $module
 * @param $template
 * @param $istag
 * @return unknown_type
 */
function template($module = 'content', $template = 'index', $style = '') {
 if(strpos($module, 'plugin/')!== false) {
  $plugin = str_replace('plugin/', '', $module);
  return p_template($plugin, $template,$style);
 }
 $module = str_replace('/', DIRECTORY_SEPARATOR, $module);
 if(!empty($style) && preg_match('/([a-z0-9\-_]+)/is',$style)) {
 } elseif (empty($style) && !defined('STYLE')) {
  if(defined('SITEID')) {
   $siteid = SITEID;
  } else {
   $siteid = param::get_cookie('siteid');
  }
  if (!$siteid) $siteid = 1;
  $sitelist = getcache('sitelist','commons');
  if(!empty($siteid)) {
   $style = $sitelist[$siteid]['default_style'];
  }
 } elseif (empty($style) && defined('STYLE')) {
  $style = STYLE;
 } else {
  $style = 'default';
 }
 if(!$style) $style = 'default';
 $template_cache = app_base::load_sys_class('template_cache');
 $compiledtplfile = ROOT_PATH.'caches'.DIRECTORY_SEPARATOR.'caches_template'.DIRECTORY_SEPARATOR.$style.DIRECTORY_SEPARATOR.$module.DIRECTORY_SEPARATOR.$template.'.php';
 if(file_exists(CODE_PATH.'templates'.DIRECTORY_SEPARATOR.$style.DIRECTORY_SEPARATOR.$module.DIRECTORY_SEPARATOR.$template.'.html')) {
  if(!file_exists($compiledtplfile) || (@filemtime(CODE_PATH.'templates'.DIRECTORY_SEPARATOR.$style.DIRECTORY_SEPARATOR.$module.DIRECTORY_SEPARATOR.$template.'.html') > @filemtime($compiledtplfile))) {
   $template_cache->template_compile($module, $template, $style);
  }
 } else {
  $compiledtplfile = ROOT_PATH.'caches'.DIRECTORY_SEPARATOR.'caches_template'.DIRECTORY_SEPARATOR.'default'.DIRECTORY_SEPARATOR.$module.DIRECTORY_SEPARATOR.$template.'.php';
  if(!file_exists($compiledtplfile) || (file_exists(CODE_PATH.'templates'.DIRECTORY_SEPARATOR.'default'.DIRECTORY_SEPARATOR.$module.DIRECTORY_SEPARATOR.$template.'.html') && filemtime(CODE_PATH.'templates'.DIRECTORY_SEPARATOR.'default'.DIRECTORY_SEPARATOR.$module.DIRECTORY_SEPARATOR.$template.'.html') > filemtime($compiledtplfile))) {
   $template_cache->template_compile($module, $template, 'default');
  } elseif (!file_exists(CODE_PATH.'templates'.DIRECTORY_SEPARATOR.'default'.DIRECTORY_SEPARATOR.$module.DIRECTORY_SEPARATOR.$template.'.html')) {
   showmessage('Template does not exist.'.DIRECTORY_SEPARATOR.$style.DIRECTORY_SEPARATOR.$module.DIRECTORY_SEPARATOR.$template.'.html');
  }
 }
 return $compiledtplfile;
}
/**
 * 输出自定义错误
 *
 * @param $errno 错误号
 * @param $errstr 错误描述
 * @param $errfile 报错文件地址
 * @param $errline 错误行号
 * @return string 错误提示
 */
function my_error_handler($errno, $errstr, $errfile, $errline) {
 if($errno==8) return '';
 $errfile = str_replace(ROOT_PATH,'',$errfile);
 if(app_base::load_config('system','errorlog')) {
  error_log('<?php exit;?>'.date('m-d H:i:s',SYS_TIME).' | '.$errno.' | '.str_pad($errstr,30).' | '.$errfile.' | '.$errline."\r\n", 3, CACHE_PATH.'error_log.php');
 } else {
  $str = '<div style="font-size:12px;text-align:left; border-bottom:1px solid #9cc9e0; border-right:1px solid #9cc9e0;padding:1px 4px;color:#000000;font-family:Arial, Helvetica,sans-serif;"><span>errorno:' . $errno . ',str:' . $errstr . ',file:<font color="blue">' . $errfile . '</font>,line' . $errline .'<br />Need Help?</span></div>';
  echo $str;
 }
}
/**
 * 提示信息页面跳转,跳转地址如果传入数组,页面会提示多个地址供用户选择,默认跳转地址为数组的第一个值,时间为5秒。
 * showmessage('登录成功', array('默认跳转地址'=>'http://www.baidu.com'));
 * @param string $msg 提示信息
 * @param mixed(string/array) $url_forward 跳转地址
 * @param int $ms 跳转等待时间
 */
function showmessage($msg, $url_forward = 'goback', $ms = 1250, $dialog = '', $returnjs = '') {
 if(defined('IN_ADMIN')) {
  include(admin::admin_tpl('showmessage', 'admin'));
 } else {
  include(template('content', 'message'));
 }
 exit;
}
/**
 * 查询字符是否存在于某字符串
 *
 * @param $haystack 字符串
 * @param $needle 要查找的字符
 * @return bool
 */
function str_exists($haystack, $needle)
{
 return !(strpos($haystack, $needle) === FALSE);
}
/**
 * 取得文件扩展
 *
 * @param $filename 文件名
 * @return 扩展名
 */
function fileext($filename) {
 return strtolower(trim(substr(strrchr($filename, '.'), 1, 10)));
}
/**
 * 加载模板标签缓存
 * @param string $name 缓存名
 * @param integer $times 缓存时间
 */
function tpl_cache($name,$times = 0) {
 $filepath = 'tpl_data';
 $info = getcacheinfo($name, $filepath);
 if (SYS_TIME - $info['filemtime'] >= $times) {
  return false;
 } else {
  return getcache($name,$filepath);
 }
}
/**
 * 写入缓存,默认为文件缓存,不加载缓存配置。
 * @param $name 缓存名称
 * @param $data 缓存数据
 * @param $filepath 数据路径(模块名称) caches/cache_$filepath/
 * @param $type 缓存类型[file,memcache,apc]
 * @param $config 配置名称
 * @param $timeout 过期时间
 */
function setcache($name, $data, $filepath='', $type='file', $c AND ', $in_column = false) {
 if($in_column && is_array($data)) {
  $ids = '\''.implode('\',\'', $data).'\'';
  $sql = "$in_column IN ($ids)";
  return $sql;
 } else {
  if ($front == '') {
   $front = ' AND ';
  }
  if(is_array($data) && count($data) > 0) {
   $sql = '';
   foreach ($data as $key => $val) {
    $sql .= $sql ? " $front $key = '$val' " : " $key = '$val' ";
   }
   return $sql;
  } else {
   return $data;
  }
 }
}
/**
 * 分页函数
 *
 * @param $num 信息总数
 * @param $curr_page 当前分页
 * @param $perpage 每页显示数
 * @param $urlrule URL规则
 * @param $array 需要传递的数组,用于增加额外的方法
 * @return 分页
 */
function pages($num, $curr_page, $perpage = 20, $urlrule = '', $array = array(),$setpages = 10) {
 if(defined('URLRULE') && $urlrule == '') {
  $urlrule = URLRULE;
  $array = $GLOBALS['URL_ARRAY'];
 } elseif($urlrule == '') {
  $urlrule = url_par('page={$page}');
 }
 $multipage = '';
 if($num > $perpage) {
  $page = $setpages+1;
  $offset = ceil($setpages/2-1);
  $pages = ceil($num / $perpage);
  if (defined('IN_ADMIN') && !defined('PAGES')) define('PAGES', $pages);
  $from = $curr_page - $offset;
  $to = $curr_page + $offset;
  $more = 0;
  if($page >= $pages) {
   $from = 2;
   $to = $pages-1;
  } else {
   if($from <= 1) {
    $to = $page-1;
    $from = 2;
   } elseif($to >= $pages) {
    $from = $pages-($page-2);
    $to = $pages-1;
   }
   $more = 1;
  }
  //$multipage .= '<a class="a1">'.$num.L('page_item').'</a>';
  if($curr_page>0) {
   $multipage .= ' <a href="'.pageurl($urlrule, $curr_page-1, $array).'" class="a1">'.L('previous').'</a>';
   if($curr_page==1) {
    $multipage .= ' <span>1</span>';
   } elseif($curr_page>6 && $more) {
    $multipage .= ' <a href="'.pageurl($urlrule, 1, $array).'">1</a>..';
   } else {
    $multipage .= ' <a href="'.pageurl($urlrule, 1, $array).'">1</a>';
   }
  }
  for($i = $from; $i <= $to; $i++) {
   if($i != $curr_page) {
    $multipage .= ' <a href="'.pageurl($urlrule, $i, $array).'">'.$i.'</a>';
   } else {
    $multipage .= ' <span>'.$i.'</span>';
   }
  }
  if($curr_page<$pages) {
   if($curr_page<$pages-5 && $more) {
    $multipage .= ' ..<a href="'.pageurl($urlrule, $pages, $array).'">'.$pages.'</a> <a href="'.pageurl($urlrule, $curr_page+1, $array).'" class="a1">'.L('next').'</a>';
   } else {
    $multipage .= ' <a href="'.pageurl($urlrule, $pages, $array).'">'.$pages.'</a> <a href="'.pageurl($urlrule, $curr_page+1, $array).'" class="a1">'.L('next').'</a>';
   }
  } elseif($curr_page==$pages) {
   $multipage .= ' <span>'.$pages.'</span> <a href="'.pageurl($urlrule, $curr_page, $array).'" class="a1">'.L('next').'</a>';
  } else {
   $multipage .= ' <a href="'.pageurl($urlrule, $pages, $array).'">'.$pages.'</a> <a href="'.pageurl($urlrule, $curr_page+1, $array).'" class="a1">'.L('next').'</a>';
  }
 }
 return $multipage;
}
function pages1($num, $curr_page, $perpage = 20, $urlrule = '', $array = array(),$setpages = 10) {
 if(defined('URLRULE') && $urlrule == '') {
  $urlrule = URLRULE;
  $array = $GLOBALS['URL_ARRAY'];
 } elseif($urlrule == '') {
  $urlrule = url_par('page={$page}');
 }
 $multipage = '';
 if($num > $perpage) {
  $page = $setpages+1;
  $offset = ceil($setpages/2-1);
  $pages = ceil($num / $perpage);
  if (defined('IN_ADMIN') && !defined('PAGES')) define('PAGES', $pages);
  $from = $curr_page - $offset;
  $to = $curr_page + $offset;
  $more = 0;
  if($page >= $pages) {
   $from = 2;
   $to = $pages-1;
  } else {
   if($from <= 1) {
    $to = $page-1;
    $from = 2;
   } elseif($to >= $pages) {
    $from = $pages-($page-2);
    $to = $pages-1;
   }
   $more = 1;
  }
  //$multipage .= '<a class="a1">'.$num.L('page_item').'</a>';
  if($curr_page>0) {
   $multipage .= ' <a href="###" class="a1">'.L('previous').'</a>';
   if($curr_page==1) {
    $multipage .= ' <span>1</span>';
   } elseif($curr_page>6 && $more) {
    $multipage .= ' <a href="###" /a>..';
   } else {
    $multipage .= ' <a href="###" /a>';
   }
  }
  for($i = $from; $i <= $to; $i++) {
   if($i != $curr_page) {
    $multipage .= ' <a href="###" /a>';
   } else {
    $multipage .= ' <span>'.$i.'</span>';
   }
  }
  if($curr_page<$pages) {
   if($curr_page<$pages-5 && $more) {
    $multipage .= ' ..<a href="###" /a> <a href="###" class="a1">'.L('next').'</a>';
   } else {
    $multipage .= ' <a href="###" /a> <a href="###" class="a1">'.L('next').'</a>';
   }
  } elseif($curr_page==$pages) {
   $multipage .= ' <span>'.$pages.'</span> <a href="###" class="a1">'.L('next').'</a>';
  } else {
   $multipage .= ' <a href="###" /a> <a href="###" class="a1">'.L('next').'</a>';
  }
 }
 return $multipage;
}
function pages2($num, $curr_page, $pages, $urlrule = '', $array = array(),$setpages = 10) {
 if(defined('URLRULE') && $urlrule == '') {
  $urlrule = URLRULE;
  $array = $GLOBALS['URL_ARRAY'];
 } elseif($urlrule == '') {
  $urlrule = url_par('page={$page}');
 }
 $multipage = '';
 if($pages > 1) {
  $page = $setpages+1;
  $offset = ceil($setpages/2-1);
  if (defined('IN_ADMIN') && !defined('PAGES')) define('PAGES', $pages);
  $from = $curr_page - $offset;
  $to = $curr_page + $offset;
  $more = 0;
  if($page >= $pages) {
   $from = 2;
   $to = $pages-1;
  } else {
   if($from <= 1) {
    $to = $page-1;
    $from = 2;
   } elseif($to >= $pages) {
    $from = $pages-($page-2);
    $to = $pages-1;
   }
   $more = 1;
  }
  //$multipage .= '<a class="a1">'.$num.L('page_item').'</a>';
  if($curr_page>0) {
   $multipage .= ' <a href="###" class="a1">'.L('previous').'</a>';
   if($curr_page==1) {
    $multipage .= ' <span>1</span>';
   } elseif($curr_page>6 && $more) {
    $multipage .= ' <a href="###" /a>..';
   } else {
    $multipage .= ' <a href="###" /a>';
   }
  }
  for($i = $from; $i <= $to; $i++) {
   if($i != $curr_page) {
    $multipage .= ' <a href="###" /a>';
   } else {
    $multipage .= ' <span>'.$i.'</span>';
   }
  }
  if($curr_page<$pages) {
   if($curr_page<$pages-5 && $more) {
    $multipage .= ' ..<a href="###" /a> <a href="###" class="a1">'.L('next').'</a>';
   } else {
    $multipage .= ' <a href="###" /a> <a href="###" class="a1">'.L('next').'</a>';
   }
  } elseif($curr_page==$pages) {
   $multipage .= ' <span>'.$pages.'</span> <a href="###" class="a1">'.L('next').'</a>';
  } else {
   $multipage .= ' <a href="###" /a> <a href="###" class="a1">'.L('next').'</a>';
  }
 }
 return $multipage;
}
/**
 * 返回分页路径
 *
 * @param $urlrule 分页规则
 * @param $page 当前页
 * @param $array 需要传递的数组,用于增加额外的方法
 * @return 完整的URL路径
 */
function pageurl($urlrule, $page, $array = array()) {
 if(strpos($urlrule, '~')) {
  $urlrules = explode('~', $urlrule);
  $urlrule = $page < 2 ? $urlrules[0] : $urlrules[1];
 }
 $findme = array('{$page}');
 $replaceme = array($page);
 if (is_array($array)) foreach ($array as $k=>$v) {
  $findme[] = '{$'.$k.'}';
  $replaceme[] = $v;
 }
 $url = str_replace($findme, $replaceme, $urlrule);
 $url = str_replace(array('http://','//','~'), array('~','/','http://'), $url);
 return $url;
}
/**
 * URL路径解析,pages 函数的辅助函数
 *
 * @param $par 传入需要解析的变量 默认为,page={$page}
 * @param $url URL地址
 * @return URL
 */
function url_par($par, $url = '') {
 if($url == '') $url = get_url();
 $pos = strpos($url, '?');
 if($pos === false) {
  $url .= '?'.$par;
 } else {
  $querystring = substr(strstr($url, '?'), 1);
  parse_str($querystring, $pars);
  $query_array = array();
  foreach($pars as $k=>$v) {
   if($k != 'page') $query_array[$k] = $v;
  }
  $querystring = http_build_query($query_array).'&'.$par;
  $url = substr($url, 0, $pos).'?'.$querystring;
 }
 return $url;
}
/**
 * 判断email格式是否正确
 * @param $email
 */
function is_email($email) {
 return strlen($email) > 6 && preg_match("/^[\w\-\.]+@[\w\-\.]+(\.\w+)+$/", $email);
}
/**
 * iconv 编辑转换
 */
if (!function_exists('iconv')) {
 function iconv($in_charset, $out_charset, $str) {
  $in_charset = strtoupper($in_charset);
  $out_charset = strtoupper($out_charset);
  if (function_exists('mb_convert_encoding')) {
   return mb_convert_encoding($str, $out_charset, $in_charset);
  } else {
   app_base::load_sys_func('iconv');
   $in_charset = strtoupper($in_charset);
   $out_charset = strtoupper($out_charset);
   if ($in_charset == 'UTF-8' && ($out_charset == 'GBK' || $out_charset == 'GB2312')) {
    return utf8_to_gbk($str);
   }
   if (($in_charset == 'GBK' || $in_charset == 'GB2312') && $out_charset == 'UTF-8') {
    return gbk_to_utf8($str);
   }
   return $str;
  }
 }
}
/**
 * 代码广告展示函数
 * @param intval $siteid 所属站点
 * @param intval $id 广告ID
 * @return 返回广告代码
 */
function show_ad($siteid, $id) {
 $siteid = intval($siteid);
 $id = intval($id);
 if(!$id || !$siteid) return false;
 $p = app_base::load_model('poster_model');
 $r = $p->get_one(array('spaceid'=>$id, 'siteid'=>$siteid), 'disabled, setting', 'id ASC');
 if ($r['disabled']) return '';
 if ($r['setting']) {
  $c = string2array($r['setting']);
 } else {
  $r['code'] = '';
 }
 return $c['code'];
}
/**
 * 获取当前的站点ID
 */
function get_siteid() {
 static $siteid;
 if (!empty($siteid)) return $siteid;
 if (defined('IN_ADMIN')) {
  if ($d = param::get_cookie('siteid')) {
   $siteid = $d;
  } else {
   return '';
  }
 } else {
  $data = getcache('sitelist', 'commons');
  if(!is_array($data)) return '1';
  $site_url = SITE_PROTOCOL.SITE_URL;
  foreach ($data as $v) {
   if ($v['url'] == $site_url.'/') $siteid = $v['siteid'];
  }
 }
 if (empty($siteid)) $siteid = 1;
 return $siteid;
}
/**
 * 获取用户昵称
 * 不传入userid取当前用户nickname,如果nickname为空取username
 * 传入field,取用户$field字段信息
 */
function get_nickname($userid='', $field='') {
 $return = '';
 if(is_numeric($userid)) {
  $member_db = app_base::load_model('member_model');
  $memberinfo = $member_db->get_one(array('userid'=>$userid));
  if(!empty($field) && $field != 'nickname' && isset($memberinfo[$field]) &&!empty($memberinfo[$field])) {
   $return = $memberinfo[$field];
  } else {
   $return = isset($memberinfo['nickname']) && !empty($memberinfo['nickname']) ? $memberinfo['nickname'].'('.$memberinfo['username'].')' : $memberinfo['username'];
  }
 } else {
  if (param::get_cookie('_nickname')) {
   $return .= '('.param::get_cookie('_nickname').')';
  } else {
   $return .= '('.param::get_cookie('_username').')';
  }
 }
 return $return;
}
/**
 * 获取用户信息
 * 不传入$field返回用户所有信息,
 * 传入field,取用户$field字段信息
 */
function get_memberinfo($userid, $field='') {
 if(!is_numeric($userid)) {
  return false;
 } else {
  static $memberinfo;
  if (!isset($memberinfo[$userid])) {
   $member_db = app_base::load_model('member_model');
   $memberinfo[$userid] = $member_db->get_one(array('userid'=>$userid));
  }
  if(!empty($field) && !empty($memberinfo[$userid][$field])) {
   return $memberinfo[$userid][$field];
  } else {
   return $memberinfo[$userid];
  }
 }
}
/**
 * 通过 username 值,获取用户所有信息
 * 获取用户信息
 * 不传入$field返回用户所有信息,
 * 传入field,取用户$field字段信息
 */
function get_memberinfo_buyusername($username, $field='') {
 if(empty($username)){return false;}
 static $memberinfo;
 if (!isset($memberinfo[$username])) {
  $member_db = app_base::load_model('member_model');
  $memberinfo[$username] = $member_db->get_one(array('username'=>$username));
 }
 if(!empty($field) && !empty($memberinfo[$username][$field])) {
  return $memberinfo[$username][$field];
 } else {
  return $memberinfo[$username];
 }
}
/**
 * 调用关联菜单
 * @param $linkageid 联动菜单id
 * @param $id 生成联动菜单的样式id
 * @param $defaultvalue 默认值
 */
function menu_linkage($linkageid = 0, $id = 'linkid', $defaultvalue = 0, $defaultlabel = array()) {
 $linkageid = intval($linkageid);
 $datas = array();
 $datas = getcache($linkageid,'linkage');
 $infos = $datas['data'];
 if($datas['style']=='1') {
  $title = $datas['title'];
  $container = 'content'.create_randomnum(100, 999).date('is');
  if(!defined('DIALOG_INIT_1')) {
   define('DIALOG_INIT_1', 1);
   $string .= '<script type="text/javascript" src="'.JS_PATH.'dialog.js"></script>';
   //TODO $string .= '<link href="'.CSS_PATH.'dialog.css" rel="stylesheet" type="text/css">';
  }
  if(!defined('LINKAGE_INIT_1')) {
   define('LINKAGE_INIT_1', 1);
   $string .= '<script type="text/javascript" src="'.JS_PATH.'linkage/js/pop.js"></script>';
  }
  $var_div = $defaultvalue && (ROUTE_A=='edit' || ROUTE_A=='account_manage_info' || ROUTE_A=='info_publish' || ROUTE_A=='orderinfo') ? menu_linkage_level($defaultvalue,$linkageid,$infos) : $datas['title'];
  $var_input = $defaultvalue && (ROUTE_A=='edit' || ROUTE_A=='account_manage_info' || ROUTE_A=='info_publish') ? '<input type="hidden" name="info['.$id.']" value="'.$defaultvalue.'">' : '<input type="hidden" name="info['.$id.']" value="">';
  $string .= '<div name="'.$id.'" value="" id="'.$id.'" class="ib">'.$var_div.'</div>'.$var_input.' <input type="button" name="btn_'.$id.'" class="button" value="'.L('linkage_select').'" >  $string .= '<script type="text/javascript">';
  $string .= 'var returnid_'.$id.'= \''.$id.'\';';
  $string .= 'var returnkeyid_'.$id.' = \''.$linkageid.'\';';
  $string .= 'var '.$container.' = new Array(';
  foreach($infos AS $k=>$v) {
   if($v['parentid'] == 0) {
    $s[]='new Array(\''.$v['linkageid'].'\',\''.$v['name'].'\',\''.$v['parentid'].'\')';
   } else {
    continue;
   }
  }
  $s = implode(',',$s);
  $string .=$s;
  $string .= ')';
  $string .= '</script>';
 } elseif($datas['style']=='2') {
  if(!defined('LINKAGE_INIT_1')) {
   define('LINKAGE_INIT_1', 1);
   $string .= '<script type="text/javascript" src="'.JS_PATH.'linkage/js/jquery.ld.js"></script>';
  }
  $default_txt = '';
  if($defaultvalue) {
    $default_txt = menu_linkage_level($defaultvalue,$linkageid,$infos);
    $default_txt = '["'.str_replace(' > ','","',$default_txt).'"]';
  }
  $string .= $defaultvalue && (ROUTE_A=='edit' || ROUTE_A=='account_manage_info' || ROUTE_A=='info_publish') ? '<input type="hidden" name="info['.$id.']" id="'.$id.'" value="'.$defaultvalue.'">' : '<input type="hidden" name="info['.$id.']" id="'.$id.'" value="">';
  for($i=1;$i<=$datas['setting']['level'];$i++) {
   $txt = isset($defaultlabel[$i]) ? $defaultlabel[$i] : '请选择';
   $string .='<select class="pc-select-'.$id.'" name="'.$id.'-'.$i.'" id="'.$id.'-'.$i.'" width="100"><option value="">' . $txt . '</option></select> ';
  }
  $string .= '<script type="text/javascript">
     $(function(){
      var $ld5 = $(".pc-select-'.$id.'");
      $ld5.ld({ajaxOptions : {"url" : "'.APP_PATH.'api.php?op=get_linkage&act=ajax_select&keyid='.$linkageid.'"},defaultParentId : 0,style : {"width" : 120}})
      var ld5_api = $ld5.ld("api");
      //ld5_api.selected('.$default_txt.');
      $ld5.bind("change",onchange);
      function onchange(e){
       var $target = $(e.target);
       var index = $ld5.index($target);
       $("#'.$id.'-'.$i.'").remove();
       $("#'.$id.'").val($ld5.eq(index).show().val());
       index ++;
       $ld5.eq(index).show();        }
     })
  </script>';
 } else {
  $title = $defaultvalue ? $infos[$defaultvalue]['name'] : $datas['title'];
  $colObj = create_randomnum(100, 999).date('is');
  $string = '';
  if(!defined('LINKAGE_INIT')) {
   define('LINKAGE_INIT', 1);
   $string .= '<script type="text/javascript" src="'.JS_PATH.'linkage/js/mln.colselect.js"></script>';
   if(defined('IN_ADMIN')) {
    $string .= '<link href="'.JS_PATH.'linkage/style/admin.css" rel="stylesheet" type="text/css">';
   } else {
    $string .= '<link href="'.JS_PATH.'linkage/style/css.css" rel="stylesheet" type="text/css">';
   }
  }
  $string .= '<input type="hidden" name="info['.$id.']" value="1"><div id="'.$id.'"></div>';
  $string .= '<script type="text/javascript">';
  $string .= 'var colObj'.$colObj.' = {"Items":[';
  foreach($infos AS $k=>$v) {
   $s .= '{"name":"'.$v['name'].'","topid":"'.$v['parentid'].'","colid":"'.$k.'","value":"'.$k.'","fun":function(){}},';
  }
  $string .= substr($s, 0, -1);
  $string .= ']};';
  $string .= '$("#'.$id.'").mlnColsel(colObj'.$colObj.',{';
  $string .= 'title:"'.$title.'",';
  $string .= 'value:"'.$defaultvalue.'",';
  $string .= 'width:100';
  $string .= '});';
  $string .= '</script>';
 }
 return $string;
}
/**
 * 联动菜单层级
 */
function menu_linkage_level($linkageid,$keyid,$infos,$result=array()) {
 if(array_key_exists($linkageid,$infos)) {
  $result[]=$infos[$linkageid]['name'];
  return menu_linkage_level($infos[$linkageid]['parentid'],$keyid,$infos,$result);
 }
 krsort($result);
 return implode(' > ',$result);
}
/**
 * 通过catid获取显示菜单完整结构
 * @param $menuid 菜单ID
 * @param $cache_file 菜单缓存文件名称
 * @param $cache_path 缓存文件目录
 * @param $key 取得缓存值的键值名称
 * @param $parentkey 父级的ID
 * @param $linkstring 链接字符
 */
function menu_level($menuid, $cache_file, $cache_path = 'commons', $key = 'catname', $parentkey = 'parentid', $linkstring = ' > ', $result=array()) {
 $menu_arr = getcache($cache_file, $cache_path);
 if (array_key_exists($menuid, $menu_arr)) {
  $result[] = $menu_arr[$menuid][$key];
  return menu_level($menu_arr[$menuid][$parentkey], $cache_file, $cache_path, $key, $parentkey, $linkstring, $result);
 }
 krsort($result);
 return implode($linkstring, $result);
}
/**
 * 通过id获取显示联动菜单
 * @param $linkageid 联动菜单ID
 * @param $keyid 菜单keyid
 * @param $space 菜单间隔符
 * @param $tyoe 1 返回间隔符链接,完整路径名称 3 返回完整路径数组,2返回当前联动菜单名称,4 直接返回ID
 * @param $result 递归使用字段1
 * @param $infos 递归使用字段2
 */
function get_linkage($linkageid, $keyid, $space = '>', $type = 1, $result = array(), $infos = array()) {
 if($space=='' || !isset($space))$space = '>';
 if(!$infos) {
  $datas = getcache($keyid,'linkage');
  $infos = $datas['data'];
 }
 if($type == 1 || $type == 3 || $type == 4) {
  if(array_key_exists($linkageid,$infos)) {
   $result[]= ($type == 1) ? $infos[$linkageid]['name'] : (($type == 4) ? $linkageid :$infos[$linkageid]);
   return get_linkage($infos[$linkageid]['parentid'], $keyid, $space, $type, $result, $infos);
  } else {
   if(count($result)>0) {
    krsort($result);
    if($type == 1 || $type == 4) $result = implode($space,$result);
    return $result;
   } else {
    return $result;
   }
  }
 } else {
  return $infos[$linkageid]['name'];
 }
}
/**
 * IE浏览器判断
 */
function is_ie() {
 $useragent = strtolower($_SERVER['HTTP_USER_AGENT']);
 if((strpos($useragent, 'opera') !== false) || (strpos($useragent, 'konqueror') !== false)) return false;
 if(strpos($useragent, 'msie ') !== false) return true;
 return false;
}
/**
 * 文件下载
 * @param $filepath 文件路径
 * @param $filename 文件名称
 */
function file_down($filepath, $filename = '') {
 if(!$filename) $filename = basename($filepath);
 if(is_ie()) $filename = rawurlencode($filename);
 $filetype = fileext($filename);
 $filesize = sprintf("%u", filesize($filepath));
 if(ob_get_length() !== false) @ob_end_clean();
 header('Pragma: public');
 header('Last-Modified: '.gmdate('D, d M Y H:i:s') . ' GMT');
 header('Cache-Control: no-store, no-cache, must-revalidate');
 header('Cache-Control: pre-check=0, post-check=0, max-age=0');
 header('Content-Transfer-Encoding: binary');
 header('Content-Encoding: none');
 header('Content-type: '.$filetype);
 header('Content-Disposition: attachment; filename="'.$filename.'"');
 header('Content-length: '.$filesize);
 readfile($filepath);
 exit;
}
/**
 * 判断字符串是否为utf8编码,英文和半角字符返回ture
 * @param $string
 * @return bool
 */
function is_utf8($string) {
 return preg_match('%^(?:
     [\x09\x0A\x0D\x20-\x7E] # ASCII
     | [\xC2-\xDF][\x80-\xBF] # non-overlong 2-byte
     | \xE0[\xA0-\xBF][\x80-\xBF] # excluding overlongs
     | [\xE1-\xEC\xEE\xEF][\x80-\xBF]{2} # straight 3-byte
     | \xED[\x80-\x9F][\x80-\xBF] # excluding surrogates
     | \xF0[\x90-\xBF][\x80-\xBF]{2} # planes 1-3
     | [\xF1-\xF3][\x80-\xBF]{3} # planes 4-15
     | \xF4[\x80-\x8F][\x80-\xBF]{2} # plane 16
     )*$%xs', $string);
}
/**
 * 组装生成ID号
 * @param $modules 模块名
 * @param $contentid 内容ID
 * @param $siteid 站点ID
 */
function id_encode($modules,$contentid, $siteid) {
 return urlencode($modules.'-'.$contentid.'-'.$siteid);
}
/**
 * 解析ID
 * @param $id 评论ID
 */
function id_decode($id) {
 return explode('-', $id);
}
/**
 * 对用户的密码进行加密
 * @param $password
 * @param $encrypt //传入加密串,在修改密码时做认证
 * @return array/password
 */
function password($password, $encrypt='') {
 $pwd = array();
 $pwd['encrypt'] = $encrypt ? $encrypt : create_randomstr();
 $pwd['password'] = md5(md5(trim($password)).$pwd['encrypt']);
 return $encrypt ? $pwd['password'] : $pwd;
}
/**
 * 生成随机字符串
 * @param string $lenth 长度
 * @return string 字符串
 */
function create_randomstr($lenth = 6) {
 //openssl_random_pseudo_bytes
 $fp = @fopen('/dev/urandom','rb');
 $pr_bits = '';
 if ($fp !== FALSE) {
  $pr_bits .= @fread($fp,$lenth/2);
  @fclose($fp);
 }
 return bin2hex($pr_bits);
 //return random($lenth, '123456789abcdefghijklmnpqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ');
}
/**
 * 生成随机数
 * @param string $lenth 长度
 * @return string 字符串
 */
function create_randomnum($min,$max) {
 //openssl_random_pseudo_bytes
 $difference = $max-$min;
 $bytesNeeded = ceil($difference/256);
 $fp = @fopen('/dev/urandom','rb');
 if ($fp !== FALSE) {
  $randomBytes = @fread($fp,$bytesNeeded);
  @fclose($fp);
 }
 $sum = 0;
 for ($a = 0; $a < $bytesNeeded; $a++){
  $sum += ord($randomBytes[$a]);
 }
 $sum = $sum % ($difference);
 return $sum + $min;
 //return random($lenth, '123456789abcdefghijklmnpqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ');
}
/**
 * 检查密码长度是否符合规定
 *
 * @param STRING $password
 * @return  TRUE or FALSE
 */
function is_password($password) {
 $strlen = strlen($password);
 if($strlen >= 6 && $strlen <= 20) return true;
 return false;
}
 /**
 * 检测输入中是否含有错误字符
 *
 * @param char $string 要检查的字符串名称
 * @return TRUE or FALSE
 */
function is_badword($string) {
 $badwords = array("\\",'&',' ',"'",'"','/','*',',','<','>',"\r","\t","\n","#");
 foreach($badwords as $value){
  if(strpos($string, $value) !== FALSE) {
   return TRUE;
  }
 }
 return FALSE;
}
/**
 * 检查用户名是否符合规定
 *
 * @param STRING $username 要检查的用户名
 * @return  TRUE or FALSE
 */
function is_username($username) {
 $strlen = strlen($username);
 if(is_badword($username) || !preg_match("/^[a-zA-Z0-9_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]+$/", $username)){
  return false;
 } elseif ( 20 < $strlen || $strlen < 2 ) {
  return false;
 }
 return true;
}
/**
 * 检查id是否存在于数组中
 *
 * @param $id
 * @param $ids
 * @param $s
 */
function check_in($id, $ids = '', $s = ',') {
 if(!$ids) return false;
 $ids = explode($s, $ids);
 return is_array($id) ? array_intersect($id, $ids) : in_array($id, $ids);
}
/**
 * 对数据进行编码转换
 * @param array/string $data  数组
 * @param string $input  需要转换的编码
 * @param string $output 转换后的编码
 */
function array_iconv($data, $input = 'gbk', $output = 'utf-8') {
 if (!is_array($data)) {
  return iconv($input, $output, $data);
 } else {
  foreach ($data as $key=>$val) {
   if(is_array($val)) {
    $data[$key] = array_iconv($val, $input, $output);
   } else {
    $data[$key] = iconv($input, $output, $val);
   }
  }
  return $data;
 }
}
/**
 * 生成缩略图函数
 * @param $imgurl 图片路径
 * @param $width 缩略图宽度
 * @param $height 缩略图高度
 * @param $autocut 是否自动裁剪 默认裁剪,当高度或宽度有一个数值为0是,自动关闭
 * @param $smallpic 无图片是默认图片路径
 */
function thumb($imgurl, $width = 100, $height = 100 ,$autocut = 1, $smallpic = 'nopic.gif') {
 global $image;
 $upload_url = app_base::load_config('system','upload_url');
 $upload_path = app_base::load_config('system','upload_path');
 if(empty($imgurl)) return IMG_PATH.$smallpic;
 $imgurl_replace= str_replace($upload_url, '', $imgurl);
 if(!extension_loaded('gd') || strpos($imgurl_replace, '://')) return $imgurl;
 if(!file_exists($upload_path.$imgurl_replace)) return IMG_PATH.$smallpic;
 list($width_t, $height_t, $type, $attr) = getimagesize($upload_path.$imgurl_replace);
 if($width>=$width_t || $height>=$height_t) return $imgurl;
 $newimgurl = dirname($imgurl_replace).'/thumb_'.$width.'_'.$height.'_'.basename($imgurl_replace);
 if(file_exists($upload_path.$newimgurl)) return $upload_url.$newimgurl;
 if(!is_object($image)) {
  app_base::load_sys_class('image','','0');
  $image = new image(1,0);
 }
 return $image->thumb($upload_path.$imgurl_replace, $upload_path.$newimgurl, $width, $height, '', $autocut) ? $upload_url.$newimgurl : $imgurl;
}
/**
 * 水印添加
 * @param $source 原图片路径
 * @param $target 生成水印图片途径,默认为空,覆盖原图
 * @param $siteid 站点id,系统需根据站点id获取水印信息
 */
function watermark($source, $target = '',$siteid) {
 global $image_w;
 if(empty($source)) return $source;
 if(!extension_loaded('gd') || strpos($source, '://')) return $source;
 if(!$target) $target = $source;
 if(!is_object($image_w)){
  app_base::load_sys_class('image','','0');
  $image_w = new image(0,$siteid);
 }
  $image_w->watermark($source, $target);
 return $target;
}
/**
 * 当前路径
 * 返回指定栏目路径层级
 * @param $catid 栏目id
 * @param $symbol 栏目间隔符
 */
function catpos($catid, $symbol=' > '){
 $category_arr = array();
 $siteids = getcache('category_content','commons');
 $siteid = $siteids[$catid];
 $category_arr = getcache('category_content_'.$siteid,'commons');
 if(!isset($category_arr[$catid])) return '';
 $pos = '';
 $siteurl = siteurl($category_arr[$catid]['siteid']);
 $arrparentid = array_filter(explode(',', $category_arr[$catid]['arrparentid'].','.$catid));
 foreach($arrparentid as $catid) {
  $url = $category_arr[$catid]['url'];
 // if(strpos($url, '://') === false) $url = $siteurl.$url;
  $pos .= '<a href="'.$url.'">'.$category_arr[$catid]['catname'].'</a>'.$symbol;
 }
 return $pos;
}
/**
 * 根据catid获取子栏目数据的sql语句
 * @param string $module 缓存文件名
 * @param intval $catid 栏目ID
 */
function get_sql_catid($file = 'category_content_1', $catid = 0, $module = 'commons') {
 $category = getcache($file,$module);
 $catid = intval($catid);
 if(!isset($category[$catid])) return false;
 return $category[$catid]['child'] ? " catid IN(".$category[$catid]['arrchildid'].") " : " catid=$catid ";
}
/**
 * 获取子栏目
 * @param $parentid 父级id
 * @param $type 栏目类型
 * @param $self 是否包含本身 0为不包含
 * @param $siteid 站点id
 */
function subcat($parentid = NULL, $type = NULL,$self = '0', $siteid = '') {
 if (empty($siteid)) $siteid = get_siteid();
 $category = getcache('category_content_'.$siteid,'commons');
 foreach($category as $id=>$cat) {
  if($cat['siteid'] == $siteid && ($parentid === NULL || $cat['parentid'] == $parentid) && ($type === NULL || $cat['type'] == $type)) $subcat[$id] = $cat;
  if($self == 1 && $cat['catid'] == $parentid && !$cat['child']) $subcat[$id] = $cat;
 }
 return $subcat;
}
/**
 * 获取内容地址
 * @param $catid 栏目ID
 * @param $id  文章ID
 * @param $allurl 是否以绝对路径返回
 */
function go($catid,$id, $allurl = 0) {
 static $category;
 if(empty($category)) {
  $siteids = getcache('category_content','commons');
  $siteid = $siteids[$catid];
  $category = getcache('category_content_'.$siteid,'commons');
 }
 $id = intval($id);
 if(!$id || !isset($category[$catid])) return '';
 $modelid = $category[$catid]['modelid'];
 if(!$modelid) return '';
 $db = app_base::load_model('content_model');
 $db->set_model($modelid);
 $r = $db->setCache()->get_one(array('id'=>$id), 'url');
 if (!empty($allurl)) {
  if (strpos($r['url'], '://')===false) {
   if (strpos($category[$catid]['url'], '://') === FALSE) {
    $site = siteinfo($category[$catid]['siteid']);
    $r['url'] = substr($site['domain'], 0, -1).$r['url'];
   } else {
    $r['url'] = $category[$catid]['url'].$r['url'];
   }
  }
 }
 return $r['url'];
}
/**
 * 将附件地址转换为绝对地址
 * @param $path 附件地址
 */
function atturl($path) {
 if(strpos($path, ':/')) {
  return $path;
 } else {
  $sitelist = getcache('sitelist','commons');
  $siteid = get_siteid();
  $siteurl = $sitelist[$siteid]['domain'];
  $domainlen = strlen($sitelist[$siteid]['domain'])-1;
  $path = $siteurl.$path;
  $path = substr_replace($path, '/', strpos($path, '//',$domainlen),2);
  return  $path;
 }
}
/**
 * 判断模块是否安装
 * @param $m 模块名称
 */
function module_exists($m = '') {
 if ($m=='admin') return true;
 $modules = getcache('modules', 'commons');
 $modules = array_keys($modules);
 return in_array($m, $modules);
}
/**
 * 生成SEO
 * @param $siteid  站点ID
 * @param $catid  栏目ID
 * @param $title  标题
 * @param $description 描述
 * @param $keyword  关键词
 */
function seo($siteid, $catid = '', $title = '', $description = '', $keyword = '') {
 if (!empty($title))$title = strip_tags($title);
 if (!empty($description)) $description = strip_tags($description);
 if (!empty($keyword)) $keyword = str_replace(' ', ',', strip_tags($keyword));
 $sites = getcache('sitelist', 'commons');
 $site = $sites[$siteid];
 $cat = array();
 if (!empty($catid)) {
  $siteids = getcache('category_content','commons');
  $siteid = $siteids[$catid];
  $categorys = getcache('category_content_'.$siteid,'commons');
  $cat = $categorys[$catid];
  $cat['setting'] = string2array($cat['setting']);
 }
 $seo['site_title'] =isset($site['site_title']) && !empty($site['site_title']) ? $site['site_title'] : $site['name'];
 $seo['keyword'] = !empty($keyword) ? $keyword : $site['keywords'];
 $seo['description'] = isset($description) && !empty($description) ? $description : (isset($cat['setting']['meta_description']) && !empty($cat['setting']['meta_description']) ? $cat['setting']['meta_description'] : (isset($site['description']) && !empty($site['description']) ? $site['description'] : ''));
 $seo['title'] = (isset($title) && !empty($title) ? $title.' - ' : '').(isset($cat['setting']['meta_title']) && !empty($cat['setting']['meta_title']) ? $cat['setting']['meta_title'].' - ' : (isset($cat['catname']) && !empty($cat['catname']) ? $cat['catname'].' - ' : ''));
 foreach ($seo as $k=>$v) {
  $seo[$k] = str_replace(array("\n","\r"), '', $v);
 }
 return $seo;
}
/**
 * 获取站点的信息
 * @param $siteid 站点ID
 */
function siteinfo($siteid) {
 static $sitelist;
 if (empty($sitelist)) $sitelist = getcache('sitelist','commons');
 return isset($sitelist[$siteid]) ? $sitelist[$siteid] : '';
}
/**
 * 生成CNZZ统计代码
 */
function tjcode() {
 if(!module_exists('cnzz')) return false;
 $config = getcache('cnzz', 'commons');
 if (empty($config)) {
  return false;
 } else {
  return '<script src=\'http://pw.cnzz.com/c.php?id='.$config['siteid'].'&l=2\' language=\'JavaScript\' charset=\'gb2312\'></script>';
 }
}
/**
 * 生成标题样式
 * @param $style 样式
 * @param $html 是否显示完整的STYLE
 */
function title_style($style, $html = 1) {
 $str = '';
 if ($html) $str = ' style="';
 $style_arr = explode(';',$style);
 if (!empty($style_arr[0])) $str .= 'color:'.$style_arr[0].';';
 if (!empty($style_arr[1])) $str .= 'font-weight:'.$style_arr[1].';';
 if ($html) $str .= '" ';
 return $str;
}
/**
 * 获取站点域名
 * @param $siteid 站点id
 */
function siteurl($siteid) {
 static $sitelist;
 return WEB_PATH;
// if(!$siteid) return WEB_PATH;
// if(empty($sitelist)) $sitelist = getcache('sitelist','commons');
// return substr($sitelist[$siteid]['domain'],0,-1);
}
/**
 * 生成上传附件验证
 * @param $args 参数
 * @param $operation 操作类型(加密解密)
 */
function upload_key($args) {
 $pc_auth_key = md5(app_base::load_config('system','auth_key').$_SERVER['HTTP_USER_AGENT']);
 $authkey = md5($args.$pc_auth_key);
 return $authkey;
}
/**
 * 文本转换为图片
 * @param string $txt 图形化文本内容
 * @param int $fonttype 无外部字体时生成文字大小,取值范围1-5
 * @param int $fontsize 引入外部字体时,字体大小
 * @param string $font 字体名称 字体请放于app\libs\data\font下
 * @param string $fontcolor 字体颜色 十六进制形式 如FFFFFF,FF0000
 */
function string2img($txt, $fonttype = 5, $fontsize = 16, $font = '', $fontcolor = 'FF0000',$transparent = '1') {
 if(empty($txt)) return false;
 if(function_exists("imagepng")) {
  $txt = urlencode(sys_auth($txt));
  $txt = '<img src="'.APP_PATH.'api.php?op=creatimg&txt='.$txt.'&f '.$version['pc_release'];
 }
}
/**
 * 运行钩子(插件使用)
 */
function runhook($method) {
 $time_start = getmicrotime();
 $data = '';
 $getpclass = FALSE;
 $hook_appid = getcache('hook','plugins');
 if(!empty($hook_appid)) {
  foreach($hook_appid as $appid => $p) {
   $pluginfilepath = CODE_PATH.'plugin'.DIRECTORY_SEPARATOR.$p.DIRECTORY_SEPARATOR.'hook.class.php';
   $getpclass = TRUE;
   include_once $pluginfilepath;
  }
  $hook_appid = array_flip($hook_appid);
  if($getpclass) {
   $pclass = new ReflectionClass('hook');
   foreach($pclass->getMethods() as $r) {
    $legalmethods[] = $r->getName();
   }
  }
  if(in_array($method,$legalmethods)) {
   foreach (get_declared_classes() as $class){
    $refclass = new ReflectionClass($class);
    if($refclass->isSubclassOf('hook')){
     if ($_method = $refclass->getMethod($method)) {
       $classname = $refclass->getName();
      if ($_method->isPublic() && $_method->isFinal()) {
       plugin_stat($hook_appid[$classname]);
       $data .= $_method->invoke(null);
      }
     }
    }
   }
  }
  return $data;
 }
}
function getmicrotime() {
 list($usec, $sec) = explode(" ",microtime());
 return ((float)$usec + (float)$sec);
}
/**
 * 插件前台模板加载
 * Enter description here ...
 * @param unknown_type $module
 * @param unknown_type $template
 * @param unknown_type $style
 */
function p_template($plugin = 'content', $template = 'index',$style='default') {
 if(!$style) $style = 'default';
 $template_cache = app_base::load_sys_class('template_cache');
 $compiledtplfile = ROOT_PATH.'caches'.DIRECTORY_SEPARATOR.'caches_template'.DIRECTORY_SEPARATOR.$style.DIRECTORY_SEPARATOR.'plugin'.DIRECTORY_SEPARATOR.$plugin.DIRECTORY_SEPARATOR.$template.'.php';
 if(!file_exists($compiledtplfile) || (file_exists(CODE_PATH.'plugin'.DIRECTORY_SEPARATOR.$plugin.DIRECTORY_SEPARATOR.'templates'.DIRECTORY_SEPARATOR.$template.'.html') && filemtime(CODE_PATH.'plugin'.DIRECTORY_SEPARATOR.$plugin.DIRECTORY_SEPARATOR.'templates'.DIRECTORY_SEPARATOR.$template.'.html') > filemtime($compiledtplfile))) {
  $template_cache->template_compile('plugin/'.$plugin, $template, 'default');
 } elseif (!file_exists(CODE_PATH.'plugin'.DIRECTORY_SEPARATOR.$plugin.DIRECTORY_SEPARATOR.'templates'.DIRECTORY_SEPARATOR.$template.'.html')) {
  showmessage('Template does not exist.'.DIRECTORY_SEPARATOR.'plugin'.DIRECTORY_SEPARATOR.$plugin.DIRECTORY_SEPARATOR.$template.'.html');
 }
 return $compiledtplfile;
}
/**
 * 读取缓存动态页面
 */
function cache_page_start() {
 $relate_url = isset($_SERVER['REQUEST_URI']) ? safe_replace($_SERVER['REQUEST_URI']) : $php_self.(isset($_SERVER['QUERY_STRING']) ? '?'.safe_replace($_SERVER['QUERY_STRING']) : $path_info);
 define('CACHE_PAGE_ID', md5($relate_url));
 $contents = getcache(CACHE_PAGE_ID, 'page_tmp/'.substr(CACHE_PAGE_ID, 0, 2));
 if($contents && intval(substr($contents, 15, 10)) > SYS_TIME) {
  echo substr($contents, 29);
  exit;
 }
 if (!defined('HTML')) define('HTML',true);
 return true;
}
/**
 * 写入缓存动态页面
 */
function cache_page($ttl = 360, $isjs = 0) {
 if($ttl == 0 || !defined('CACHE_PAGE_ID')) return false;
 $contents = ob_get_contents();
 if($isjs) $contents = format_js($contents);
 $contents = "<!--expiretime:".(SYS_TIME + $ttl)."-->\n".$contents;
 setcache(CACHE_PAGE_ID, $contents, 'page_tmp/'.substr(CACHE_PAGE_ID, 0, 2));
}
/**
 *
 * 获取远程内容
 * @param $url 接口url地址
 * @param $timeout 超时时间
 */
function pc_file_get_contents($url, $timeout=30) {
 $stream = stream_context_create(array('http' => array('timeout' => $timeout)));
 return @file_get_contents($url, 0, $stream);
}
/**
 * Function get_vid
 * 获取视频信息
 * @param int $contentid 内容ID 必须
 * @param int $catid 栏目id 取内容里面视频信息时必须
 * @param int $isspecial 是否取专题的视频信息
 */
function get_vid($contentid = 0, $catid = 0, $isspecial = 0) {
 static $categorys;
 if (!$contentid) return false;
 if (!$isspecial) {
  if (!$catid) return false;
  $contentid = intval($contentid);
  $catid = intval($catid);
  $siteid = get_siteid();
  if (!$categorys) {
   $categorys = getcache('category_content_'.$siteid, 'commons');
  }
  $modelid = $categorys[$catid]['modelid'];
  $video_content = app_base::load_model('video_content_model');
  $r = $video_content->get_one(array('contentid'=>$contentid, 'modelid'=>$modelid), 'videoid', 'listorder ASC');
  $video_store =app_base::load_model('video_store_model');
  return $video_store->get_one(array('videoid'=>$r['videoid']));
 } else {
  $special_content = app_base::load_model('special_content_model');
  $contentid = intval($contentid);
  $video_store =app_base::load_model('video_store_model');
  $r = $special_content->get_one(array('id'=>$contentid), 'videoid');
  return $video_store->get_one(array('videoid'=>$r['videoid']));
 }
}
/**
 * Function dataformat
 * 时间转换
 * @param $n INT时间
 */
 function dataformat($n) {
 $hours = floor($n/3600);
 $minite = floor($n%3600/60);
 $secend = floor($n%3600%60);
 $minite = $minite < 10 ? "0".$minite : $minite;
 $secend = $secend < 10 ? "0".$secend : $secend;
 if($n >= 3600){
  return $hours.":".$minite.":".$secend;
 }else{
  return $minite.":".$secend;
 }
 }
 function httpResponse($status, $msg=''){
  $m = app_base::load_model('category_model');
  $CATEGORYS = $m->select(array('parentid'=>0),'*','','listorder');
  include CODE_PATH . 'libs'.DIRECTORY_SEPARATOR.'data'.DIRECTORY_SEPARATOR.'http'.DIRECTORY_SEPARATOR.$status.'.php';
 }
 function array_change_key_case_recursive($arr)
 {
  if(! $arr || !is_array($arr))return array();
 return array_map(function($item){
  if(is_array($item))
   $item = array_change_key_case_recursive($item);
  return $item;
 },array_change_key_case($arr));
 }
 function visitauth(){
  $vtime = time();
 $vsign = md5("cuichuande@ideadata.com.cn#$%" . $vtime);
 return "tm={$vtime}&sn={$vsign}";
 }
?>

第三部分

防止sql注入的函数,过滤掉那些非法的字符,提高sql安全性,同时也可以过滤XSS的攻击。
function filter($str)
{
    if (empty($str)) return false;
    $str = htmlspecialchars($str);
    $str = str_replace( '/', "", $str);
    $str = str_replace( '"', "", $str);
    $str = str_replace( '(', "", $str);
    $str = str_replace( ')', "", $str);
    $str = str_replace( 'CR', "", $str);
    $str = str_replace( 'ASCII', "", $str);
    $str = str_replace( 'ASCII 0x0d', "", $str);
    $str = str_replace( 'LF', "", $str);
    $str = str_replace( 'ASCII 0x0a', "", $str);
    $str = str_replace( ',', "", $str);
    $str = str_replace( '%', "", $str);
    $str = str_replace( ';', "", $str);
    $str = str_replace( 'eval', "", $str);
    $str = str_replace( 'open', "", $str);
    $str = str_replace( 'sysopen', "", $str);
    $str = str_replace( 'system', "", $str);
    $str = str_replace( '$', "", $str);
    $str = str_replace( "'", "", $str);
    $str = str_replace( "'", "", $str);
    $str = str_replace( 'ASCII 0x08', "", $str);
    $str = str_replace( '"', "", $str);
    $str = str_replace( '"', "", $str);
    $str = str_replace("", "", $str);
    $str = str_replace("&gt", "", $str);
    $str = str_replace("&lt", "", $str);
    $str = str_replace("<SCRIPT>", "", $str);
    $str = str_replace("</SCRIPT>", "", $str);
    $str = str_replace("<script>", "", $str);
    $str = str_replace("</script>", "", $str);
    $str = str_replace("select","",$str);
    $str = str_replace("join","",$str);
    $str = str_replace("union","",$str);
    $str = str_replace("where","",$str);
    $str = str_replace("insert","",$str);
    $str = str_replace("delete","",$str);
    $str = str_replace("update","",$str);
    $str = str_replace("like","",$str);
    $str = str_replace("drop","",$str);
    $str = str_replace("DROP","",$str);
    $str = str_replace("create","",$str);
    $str = str_replace("modify","",$str);
    $str = str_replace("rename","",$str);
    $str = str_replace("alter","",$str);
    $str = str_replace("cas","",$str);
    $str = str_replace("&","",$str);
    $str = str_replace(">","",$str);
    $str = str_replace("<","",$str);
    $str = str_replace(" ",chr(32),$str);
    $str = str_replace(" ",chr(9),$str);
    $str = str_replace("    ",chr(9),$str);
    $str = str_replace("&",chr(34),$str);
    $str = str_replace("'",chr(39),$str);
    $str = str_replace("<br />",chr(13),$str);
    $str = str_replace("''","'",$str);
    $str = str_replace("css","'",$str);
    $str = str_replace("CSS","'",$str);
    $str = str_replace("<!--","",$str);
    $str = str_replace("convert","",$str);
    $str = str_replace("md5","",$str);
    $str = str_replace("passwd","",$str);
    $str = str_replace("password","",$str);
    $str = str_replace("../","",$str);
    $str = str_replace("./","",$str);
    $str = str_replace("Array","",$str);
    $str = str_replace("or 1='1'","",$str);
    $str = str_replace(";set|set&set;","",$str);
    $str = str_replace("`set|set&set`","",$str);
    $str = str_replace("--","",$str);
    $str = str_replace("OR","",$str);
    $str = str_replace('"',"",$str);
    $str = str_replace("*","",$str);
    $str = str_replace("-","",$str);
    $str = str_replace("+","",$str);
    $str = str_replace("/","",$str);
    $str = str_replace("=","",$str);
    $str = str_replace("'/","",$str);
    $str = str_replace("-- ","",$str);
    $str = str_replace(" -- ","",$str);
    $str = str_replace(" --","",$str);
    $str = str_replace("(","",$str);
    $str = str_replace(")","",$str);
    $str = str_replace("{","",$str);
    $str = str_replace("}","",$str);
    $str = str_replace("-1","",$str);
    $str = str_replace("1","",$str);
    $str = str_replace(".","",$str);
    $str = str_replace("response","",$str);
    $str = str_replace("write","",$str);
    $str = str_replace("|","",$str);
    $str = str_replace("`","",$str);
    $str = str_replace(";","",$str);
    $str = str_replace("etc","",$str);
    $str = str_replace("root","",$str);
    $str = str_replace("//","",$str);
    $str = str_replace("!=","",$str);
    $str = str_replace("$","",$str);
    $str = str_replace("&","",$str);
    $str = str_replace("&&","",$str);
    $str = str_replace("==","",$str);
    $str = str_replace("#","",$str);
    $str = str_replace("@","",$str);
    $str = str_replace("mailto:","",$str);
    $str = str_replace("CHAR","",$str);
    $str = str_replace("char","",$str);
    return $str;
}
  
  
更加简便的防止sql注入的方法(推荐使用这个):
  
 if (!get_magic_quotes_gpc()) // 判断magic_quotes_gpc是否为打开    
 {    
    $post = addslashes($name); // magic_quotes_gpc没有打开的时候把数据过滤    
 }    
  
 $name = str_replace("_", "\_", $name); // 把 '_'过滤掉  
    
 $name = str_replace("%", "\%", $name); // 把' % '过滤掉    
  
 $name = nl2br($name); // 回车转换    
  
 $name= htmlspecialchars($name); // html标记转换   
      
 return $name;

PHP防XSS 防SQL注入的代码

/**
 * 过滤参数
 * @param string $str 接受的参数
 * @return string
 */
static public function filterWords($str)
{
    $farr = array(
            "/<(\\/?)(script|i?frame|style|html|body|title|link|meta|object|\\?|\\%)([^>]*?)>/isU",
            "/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU",
            "/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile|dump/is"
    );
    $str = preg_replace($farr,'',$str);
    return $str;
}
   
/**
 * 过滤接受的参数或者数组,如$_GET,$_POST
 * @param array|string $arr 接受的参数或者数组
 * @return array|string
 */
static public function filterArr($arr)
{
    if(is_array($arr)){
        foreach($arr as $k => $v){
            $arr[$k] = self::filterWords($v);
        }
    }else{
        $arr = self::filterWords($v);
    }
    return $arr;
}
在防止被注入攻击时,常会用到两个函数:htmlspecialchars()和addslashes() 、trim()函数。这两个函数都是对特殊字符进行转义。
 
1)addslashes()作用及使用
 
addslashes()通常用于防止sql注入,它可对通过get,post和cookie传递过来的参数的单引号和双引号已经null前加“\”进行转义
 
如:如变量$str=$_POST["str"];的值为:bb' or 1='1。通过addslashes()函数过滤后会变为:bb\' or 1=\'1;
 
2)htmlspecialchars()作用及使用
 
htmlspecialchars()也是对字符进行转义,与addslashes()不同的是htmlspecialchars()是将特殊字符用引用实体替换。
 
如<script>alert('xss')</script>通过htmlspecialchars()过滤后为<script>alert('xss')</script&gt
 
3)addslashes()与htmlspecialchars()的区别
 
除了两个函数的转义方式不同外,它们的使用也不同。
 
addslashes()通过用于防止sql语句注入,在执行sql语句前对通过get、post和cookie传递来的参数中的单引号,双引号,\ 和null进行转义。
 
但sql执行成功后,插入到数据库中的数据是不带有转义字符\的。这是如果插入到数据库中的是一些js脚本,当这些脚本被读取出来时还是会被执行。
 
这是我们可对读取出来的数据使用htmlspecialchars()进行过滤,避免执行被注入的脚本。