我是小白,代码略加了一点小修改
function htmldecode($str)
{
if(empty($str)) return;
if($str=="") return $str;
$str=str_replace("&",chr(34),$str);
$str=str_replace(">",">",$str);
$str=str_replace("<","<",$str);
$str=str_replace("&","&",$str);
$str=str_replace(" ",chr(32),$str);
$str=str_replace(" ",chr(9),$str);
$str=str_replace("'",chr(39),$str);
$str=str_replace("<br />",chr(13),$str);
$str=str_replace("''","'",$str);
$str=str_replace("select","select",$str);
$str=str_replace("join","join",$str);
$str=str_replace("union","union",$str);
$str=str_replace("where","where",$str);
$str=str_replace("insert","insert",$str);
$str=str_replace("delete","delete",$str);
$str=str_replace("update","update",$str);
$str=str_replace("like","like",$str);
$str=str_replace("drop","drop",$str);
$str=str_replace("create","create",$str);
$str=str_replace("modify","modify",$str);
$str=str_replace("rename","rename",$str);
$str=str_replace("alter","alter",$str);
$str=str_replace("cas","cast",$str);
$str=str_replace("《","",$str);
$str=str_replace("》","",$str);
$str=str_replace("シ","",$str);
$str=str_replace("ゴ","鬼子文",$str);
$str=str_replace("ガ","鬼子文",$str);
$str=str_replace("ギ","鬼子文",$str);
$str=str_replace("ア","鬼子文",$str);
$str=str_replace("ゲ","鬼子文",$str);
$str=str_replace("ザ","鬼子文",$str);
$str=str_replace("ジ","鬼子文",$str);
$str=str_replace("ズ","鬼子文",$str);
$str=str_replace("ヅ","鬼子文",$str);
$str=str_replace("デ","鬼子文",$str);
$str=str_replace("ド","鬼子文",$str);
$str=str_replace("ポ","鬼子文",$str);
$str=str_replace("ベ","鬼子文",$str);
$str=str_replace("プ","鬼子文",$str);
$str=str_replace("ビ","鬼子文",$str);
$str=str_replace("パ","鬼子文",$str);
$str=str_replace("ヴ","鬼子文",$str);
$str=str_replace("ボ","鬼子文",$str);
$str=str_replace("ペ","鬼子文",$str);
$str=str_replace("ブ","鬼子文",$str);
$str=str_replace("ピ","鬼子文",$str);
$str=str_replace("バ","鬼子文",$str);
$str=str_replace("ヂ","鬼子文",$str);
$str=str_replace("ダ","鬼子文",$str);
$str=str_replace("ゾ","鬼子文",$str);
$str=str_replace("ゼ","鬼子文",$str);
$farr = array(
"'s+'" , //过滤多余的空白
"'<(//?)(img|script|i?frame|style|html|body|title|link|meta|/?|/%)([^>]*?)>'isU" , //过滤 <script 防止引入恶意内容或恶意代码,如果不需要插入flash等,还可以加入<object的过滤
"'(<[^>]*)on[a-zA-Z]+/s*=([^>]*>)'isU" , //过滤javascript的on事件
);
$tarr = array(
" " ,
"<//1//2//3>" , //如果要直接清除不安全的标签,这里可以留空
"//1//2" ,
);
$str =preg_replace( $farr , $tarr , $str );
return $str;
}