if (! function_exists ( 'parameter_filter' )) { function parameter_filter($str, $type = 'string', $filterhtml = 0) { $patterns [0] = "/script/"; $replacements [0] = ""; ksort ( $patterns ); ksort ( $replacements ); $str = preg_replace ( $patterns, $replacements, $str ); $str = addslashes ( $str ); switch ($type) { case "string" : break; case "number" : $str += 0; break; default : break; } if ($filterhtml == 0) { $pattern [0] = '/&/'; $pattern [1] = '/</'; $pattern [2] = "/>/"; $pattern [3] = '/ /'; $pattern [4] = '/"/'; $pattern [5] = "/'/"; $pattern [6] = "/%/"; $pattern [7] = '/(/'; $pattern [8] = '/)/'; $pattern [9] = '/+/'; // $pattern[10] = '/-/'; $replacement [0] = '&'; $replacement [1] = '<'; $replacement [2] = '>'; $replacement [3] = '<br>'; $replacement [4] = '"'; $replacement [5] = '''; $replacement [6] = '%'; $replacement [7] = '('; $replacement [8] = ')'; $replacement [9] = '+'; // $replacement[10] = '-'; $str = preg_replace ( $pattern, $replacement, $str ); } return $str; }