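/**
 * Encode a value for HTML output and trim surrounding whitespace.
 *
 * htmlspecialchars() with ENT_QUOTES converts & < > " and ' to entities, so
 * markup in the input is neutralised rather than preserved. No charset
 * argument is passed, so the PHP default encoding applies.
 *
 * @param string $param Raw value.
 * @return string Entity-encoded, trimmed value.
 */
function htmlEscape($param) {
    return trim(htmlspecialchars($param, ENT_QUOTES));
}

/**
 * Tell whether the argument is an array holding at least one element.
 *
 * @param mixed $params
 * @return boolean
 */
function isArray($params) {
    return is_array($params) && count($params) > 0;
}

/**
 * Tell whether a value, cast to string, occurs in a list (arguments are cast
 * so that scalars are tolerated on both sides).
 *
 * @param mixed $param  Needle; cast to string.
 * @param mixed $params Haystack; cast to array.
 * @return boolean
 */
function inArray($param, $params) {
    // NOTE(review): in_array() compares loosely here, so numeric strings such
    // as '1' and '1.0' count as equal. Do not rely on this for allow-list
    // checks on security-sensitive values; passing true as the third argument
    // would change results for callers whose lists hold integers.
    return in_array((string) $param, (array) $params);
}

/**
 * Quote a value for use as a SQL string literal.
 *
 * Scalars come back wrapped as " '...' " (with the surrounding spaces).
 * An array is returned as " '' " unless $isArray is true, in which case each
 * element is escaped and trimmed and the array is returned.
 *
 * Caveats: addslashes() is not aware of the connection character set, so it
 * is not a safe substitute for the database driver's escaping or for prepared
 * statements, in particular with multibyte connection charsets. The result is
 * only meaningful where a quoted string literal is expected, never for
 * identifiers or keywords.
 *
 * @param mixed   $var     Value or array of values.
 * @param boolean $strip   Run stripslashes() first, so input that was already
 *                         slash-escaped is not escaped twice.
 * @param boolean $isArray Allow array input.
 * @return mixed Quoted string, or array of quoted strings.
 */
function sqlEscape($var, $strip = true, $isArray = false) {
    if (is_array($var)) {
        if (!$isArray) {
            return " '' ";
        }
        foreach ($var as $key => $value) {
            // $isArray is not forwarded, so a nested array becomes ''.
            // The S:: prefix refers to a class declared outside this listing.
            $var[$key] = trim(S::sqlEscape($value, $strip));
        }
        return $var;
    }
    if (is_numeric($var)) {
        // Numeric values cannot contain quotes or backslashes; quoted as-is.
        return " '" . $var . "' ";
    }
    return " '" . addslashes($strip ? stripslashes($var) : $var) . "' ";
}

/**
 * Read one or more $_SERVER entries with < > " ' and their percent-encoded
 * forms removed.
 *
 * The removal is a single-pass blacklist; it is not output encoding. Values
 * returned here still need context-appropriate escaping where they are used
 * (HTML, SQL, headers, file paths).
 *
 * @param string|array $keys One key, or a list of keys.
 * @return mixed The filtered value (null when unset) for a single key, or an
 *               array keyed by name when $keys is an array.
 */
function getServer($keys) {
    $stripped = array('<', '>', '"', "'", '%3C', '%3E', '%22', '%27', '%3c', '%3e');
    $server = array();
    foreach ((array) $keys as $key) {
        $server[$key] = isset($_SERVER[$key])
            ? str_replace($stripped, '', $_SERVER[$key])
            : NULL;
    }
    return is_array($keys) ? $server : $server[$keys];
}

/**
 * Apply addslashes() to every leaf value of an array, in place.
 *
 * Array keys are left untouched, and non-array arguments are ignored.
 *
 * @param array $array Modified by reference.
 */
function slashes(&$array) {
    if (!is_array($array)) {
        return;
    }
    foreach ($array as $key => $value) {
        if (is_array($value)) {
            S::slashes($array[$key]);
        } else {
            $array[$key] = addslashes($value);
        }
    }
}

/**
 * Normalise a directory string: drop ' # = ` $ % & ; then turn runs of two or
 * more slashes, and any run of backslashes, into a single '/', and strip
 * trailing slashes.
 *
 * The pattern in the published listing had lost its backslash escapes and was
 * not a valid regular expression; it is rewritten here with a '#' delimiter.
 *
 * '..' segments are NOT removed: callers must still resolve the result and
 * confirm that it stays inside the intended base directory.
 *
 * @param string $dir
 * @return string
 */
function escapeDir($dir) {
    $dir = str_replace(array("'", '#', '=', '`', '$', '%', '&', ';'), '', $dir);
    return rtrim(preg_replace('#/{2,}|\\\\+#', '/', $dir), '/');
}

/**
 * Filter a scalar or (recursively) an array of request values.
 *
 * With $isint every scalar is cast to int. Otherwise numeric values and empty
 * values are returned unchanged, and any other value is passed through
 * escapeStr(), after trim() when $istrim is set.
 *
 * @param mixed   $mixed
 * @param boolean $isint  Cast scalars to integer.
 * @param boolean $istrim Trim strings before escaping.
 * @return mixed
 */
function escapeChar($mixed, $isint = false, $istrim = false) {
    if (is_array($mixed)) {
        foreach ($mixed as $key => $value) {
            $mixed[$key] = S::escapeChar($value, $isint, $istrim);
        }
    } elseif ($isint) {
        $mixed = (int) $mixed;
    } elseif (!is_numeric($mixed)) {
        if ($istrim) {
            $mixed = trim($mixed);
        }
        if ($mixed) {
            $mixed = S::escapeStr($mixed);
        }
    }
    return $mixed;
}

/**
 * Entity-encode a string for later display in HTML.
 *
 * Removes NUL bytes and control characters, encodes bare ampersands (existing
 * entities are left alone), and encodes < > " '. The percent-encoded forms of
 * < and > are handled in both letter cases, matching getServer().
 *
 * The encoding is for HTML text and quoted attribute values only; it gives no
 * protection in JavaScript, URL or SQL contexts.
 *
 * NOTE(review): the published listing had its HTML entities and backslash
 * escapes decoded, which left replacement targets identical to their search
 * strings and an unterminated quote. The entities below are restored from
 * what each search string implies; the first and third literals of the first
 * call, the exact form of the apostrophe entity and the two whitespace pairs
 * in the last call are assumptions to confirm against the original file.
 *
 * @param string $string
 * @return string
 */
function escapeStr($string) {
    $string = str_replace(array("\0", "%00", "\r"), '', $string); //modified@2010-7-5
    $string = preg_replace(
        array('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', '/&(?!(#[0-9]+|[a-z]+);)/is'),
        array('', '&amp;'),
        $string
    );
    $string = str_replace(array('%3C', '%3c', '<'), '&lt;', $string);
    $string = str_replace(array('%3E', '%3e', '>'), '&gt;', $string);
    $string = str_replace(
        array('"', "'", "\t", '  '),
        array('&quot;', '&#39;', '    ', '&nbsp;&nbsp;'),
        $string
    );
    return $string;
}

/**
 * Screen a request variable (recursively for arrays), in place.
 *
 * Outside the admin panel (P_W != 'admincp') the sequences '..', ')', '<' and
 * '=' are replaced by numeric entities. Inside the admin panel the value is
 * left as is, but input containing an iframe, meta or script tag opener is
 * refused through adminmsg(). P_W and adminmsg() are defined outside this
 * listing.
 *
 * The tag check is a short blacklist and is not a complete HTML filter; it is
 * case-insensitive here because HTML tag names are.
 *
 * NOTE(review): the entity strings were decoded in the published listing and
 * are restored as numeric entities; confirm the exact form against the
 * original file.
 *
 * @param mixed $var Modified by reference.
 */
function checkVar(&$var) {
    if (is_array($var)) {
        foreach ($var as $key => $value) {
            S::checkVar($var[$key]);
        }
    } elseif (P_W != 'admincp') {
        $var = str_replace(
            array('..', ')', '<', '='),
            array('&#46;&#46;', '&#41;', '&#60;', '&#61;'),
            $var
        );
    } elseif (str_ireplace(array('<iframe', '<meta', '<script'), '', $var) != $var) {
        // Loose != is kept on purpose: str_ireplace() returns a string, and a
        // strict comparison would flag every non-string value.
        global $basename;
        $basename = 'javascript:history.go(-1);';
        adminmsg('word_error');
    }
}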