php 对输入信息的进行安全过滤的函数代码

<br>// define constannts for input reading <br>define('INPUT_GET', 0x0101); <br>define('INPUT_POST', 0x0102); <br>define('INPUT_GPC', 0x0103); <br><br>/** <br>* Read input value and convert it for internal use <br>* Performs stripslashes() and charset conversion if necessary <br>* <br>* @param string Field name to read <br>* @param int Source to get value from (GPC) <br>* @param boolean Allow HTML tags in field value <br>* @param string Charset to convert into <br>* @return string Field value or NULL if not available <br>*/ <br>function get_input_value($fname, $source, $allow_html=FALSE, $charset=NULL) { <br>$value = NULL; <br><br>if ($source == INPUT_GET && isset($_GET[$fname])) <br>$value = $_GET[$fname]; <br>else if ($source == INPUT_POST && isset($_POST[$fname])) <br>$value = $_POST[$fname]; <br>else if ($source == INPUT_GPC) { <br>if (isset($_POST[$fname])) <br>$value = $_POST[$fname]; <br>else if (isset($_GET[$fname])) <br>$value = $_GET[$fname]; <br>else if (isset($_COOKIE[$fname])) <br>$value = $_COOKIE[$fname]; <br>} <br><br>if (empty($value)) <br>return $value; <br><br>// strip single quotes if magic_quotes_sybase is enabled <br>if (ini_get('magic_quotes_sybase')) <br>$value = str_replace("''", "'", $value); <br>// strip slashes if magic_quotes enabled <br>else if (get_magic_quotes_gpc() || get_magic_quotes_runtime()) <br>$value = stripslashes($value); <br><br>// remove HTML tags if not allowed <br>if (!$allow_html) <br>$value = strip_tags($value); <br><br>// convert to internal charset <br>return $value; <br>} <br> <br>用法：get_input_value('_uid', INPUT_GET)