/**
 * Encode a value for HTML output and strip surrounding whitespace.
 *
 * htmlspecialchars() with ENT_QUOTES converts &, <, > and both quote
 * characters, so any markup contained in $param is rendered as text; it
 * is not preserved as working HTML.
 *
 * The result is suitable for element content and quoted attribute values
 * only. It is not an encoder for script blocks, URLs or unquoted
 * attributes. No charset argument is passed, so the character set assumed
 * by htmlspecialchars() is whatever the running PHP version defaults to;
 * on a site that does not serve that charset, confirm the two agree.
 *
 * @param string $param raw value
 * @return string encoded, trimmed value
 */
function htmlEscape($param)
{
    $encoded = htmlspecialchars($param, ENT_QUOTES);

    return trim($encoded);
}
9
/**
 * Tell whether a value is an array that holds at least one element.
 *
 * @param mixed $params value to inspect
 * @return boolean true only for a non-empty array
 */
function isArray($params)
{
    if (is_array($params)) {
        return count($params) > 0;
    }

    return false;
}
18
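/**
 * Tell whether a value, taken as a string, is present in a list.
 *
 * Both arguments are tolerated in any type: $param is cast to string and
 * $params is cast to array, so a scalar haystack is treated as a
 * one-element list.
 *
 * Every candidate is compared as a string with ===. The previous
 * in_array() call compared loosely, which lets PHP's type juggling decide
 * membership: numeric-looking strings are compared by value ('1e1' equals
 * '10') and, before PHP 8, any non-numeric string equals the integer 0.
 * When this helper guards an allow-list that is wider than intended.
 * Integers and their string form ('2' vs 2) still match.
 *
 * @param mixed $param  needle
 * @param mixed $params haystack (array or single value)
 * @return boolean
 */
function inArray($param, $params)
{
    $needle = (string) $param;

    foreach ((array) $params as $candidate) {
        // A nested array or object can never equal a string; skipping it
        // also avoids an "Array to string conversion" notice.
        if ($candidate !== null && !is_scalar($candidate)) {
            continue;
        }
        if ((string) $candidate === $needle) {
            return true;
        }
    }

    return false;
}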
28
/**
 * Quote a value as a SQL string literal, padded with one space per side.
 *
 * - Numeric values are wrapped in single quotes unchanged.
 * - Other scalars optionally lose their existing backslash escapes
 *   ($strip) and are then escaped with addslashes().
 * - Arrays are accepted only when $isArray is true: every element is
 *   quoted and trimmed, keys are kept as they are (unescaped). The
 *   recursive call does not forward $isArray, so a nested array collapses
 *   to ''. An array passed without $isArray yields the empty literal.
 *
 * Security: addslashes() escapes bytes and has no knowledge of the
 * connection character set. On multi-byte connection charsets in which
 * 0x5C may be a trailing byte (for example GBK or Big5), the inserted
 * backslash can be absorbed into a multi-byte character and the quote is
 * left unescaped. Prefer prepared statements, or the database driver's
 * connection-aware escaping, over this helper for untrusted input.
 *
 * @param mixed   $var     value or array of values
 * @param boolean $strip   remove existing backslash escapes first
 * @param boolean $isArray allow $var to be an array
 * @return mixed quoted string, or array of quoted strings
 */
function sqlEscape($var, $strip = true, $isArray = false)
{
    if (!is_array($var)) {
        if (is_numeric($var)) {
            return " '" . $var . "' ";
        }
        $raw = $strip ? stripslashes($var) : $var;

        return " '" . addslashes($raw) . "' ";
    }

    if (!$isArray) {
        return " '' ";
    }

    foreach ($var as $index => $item) {
        $var[$index] = trim(S::sqlEscape($item, $strip));
    }

    return $var;
}
49
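/**
 * Read one or more $_SERVER entries with markup characters removed.
 *
 * The characters < > " ' and their percent-encoded forms are deleted
 * from each value. Deletion is repeated until the value stops changing:
 * a single pass can leave behind a token that only forms once the
 * characters inside it have been removed.
 *
 * This is a character filter, not an encoder. Many $_SERVER entries are
 * supplied by the client, and the returned value is still untrusted for
 * SQL, shell, header and file-path use; encode it for the context where
 * it is finally used.
 *
 * @param string|array $keys one key, or a list of keys
 * @return string|array|null the filtered value for a single key (NULL
 *         when unset), or an array keyed by the requested names
 */
function getServer($keys)
{
    $blocked = array('<', '>', '"', "'", '%3C', '%3E', '%22', '%27', '%3c', '%3e');
    $server = array();

    foreach ((array) $keys as $key) {
        $server[$key] = NULL;
        if (!isset($_SERVER[$key])) {
            continue;
        }

        $value = $_SERVER[$key];
        do {
            $before = $value;
            $value = str_replace($blocked, '', $before);
        } while ($value !== $before);

        $server[$key] = $value;
    }

    return is_array($keys) ? $server : $server[$keys];
}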
66
/**
 * Apply addslashes() to every leaf value of an array, in place.
 *
 * Nested arrays are walked recursively; array keys are left untouched
 * and a non-array argument is ignored.
 *
 * addslashes() only prefixes quotes, backslashes and NUL with a
 * backslash. That is not sufficient as SQL escaping on its own (it is
 * not aware of the connection charset) and it is not HTML encoding, so
 * values still need context-specific handling where they are used.
 *
 * @param array $array data to escape, modified by reference
 * @return void
 */
function slashes(&$array)
{
    if (!is_array($array)) {
        return;
    }

    foreach ($array as $index => $item) {
        if (!is_array($item)) {
            $array[$index] = addslashes($item);
            continue;
        }
        S::slashes($array[$index]);
    }
}
82
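/**
 * Normalise a directory path.
 *
 * The characters ' # = ` $ % & ; are removed, every run of forward or
 * backward slashes becomes a single '/', and trailing slashes are cut.
 * Mixed runs such as "/\" are collapsed as one run; handling the two
 * separators as separate alternatives left a double slash behind in that
 * case.
 *
 * This is normalisation, not confinement: ".." segments, NUL bytes and a
 * leading '/' pass through. Before using the result in a file operation,
 * resolve it and check that it stays inside the intended base directory.
 *
 * @param string $dir path to normalise
 * @return string normalised path without trailing slash
 */
function escapeDir($dir)
{
    $dir = str_replace(array("'", '#', '=', '`', '$', '%', '&', ';'), '', $dir);

    // Character class holds '/' and '\'; one or more of either collapse to '/'.
    return rtrim(preg_replace('#[/\\\\]+#', '/', $dir), '/');
}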
/**
 * Generic converter for request values of mixed type.
 *
 * - Arrays are processed element by element with the same flags; keys
 *   are not touched.
 * - With $isint the value is cast to int.
 * - Otherwise numeric values are returned unchanged (and are never
 *   trimmed); any other value is optionally trimmed ($istrim) and, if it
 *   is still truthy, passed through S::escapeStr().
 *
 * An empty result after trimming is returned as is, without escaping.
 *
 * @param mixed   $mixed  value or array of values
 * @param boolean $isint  force integer conversion
 * @param boolean $istrim trim strings before escaping
 * @return mixed converted value
 */
function escapeChar($mixed, $isint = false, $istrim = false)
{
    if (is_array($mixed)) {
        foreach ($mixed as $index => $item) {
            $mixed[$index] = S::escapeChar($item, $isint, $istrim);
        }

        return $mixed;
    }

    if ($isint) {
        return (int) $mixed;
    }

    if (!is_numeric($mixed)) {
        if ($istrim) {
            $mixed = trim($mixed);
        }
        if ($mixed) {
            $mixed = S::escapeStr($mixed);
        }
    }

    return $mixed;
}
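/**
 * Convert a string for safe display as HTML text.
 *
 * Steps, in order: drop NUL bytes (raw or "%00") and carriage returns;
 * drop the remaining control characters; encode every '&' that does not
 * already start a character reference; encode '<' and '>' (also in their
 * percent-encoded spelling, upper and lower case); encode both quote
 * characters; replace tabs.
 *
 * NOTE(review): in the listing this was taken from, the replacement
 * strings appear already decoded ('&' for a bare ampersand, '<' for '<',
 * an unterminated ''' for the single quote), which would make the
 * function a no-op or a parse error. They are restored here to the
 * standard references implied by the search patterns. Whitespace in the
 * last str_replace() was collapsed by the same rendering, so the tab
 * replacement below (one space) and a further space-to-space pair that
 * is omitted as a no-op should be confirmed against the upstream file.
 *
 * Existing references such as &#NN; or &name; are deliberately left
 * alone, so input may carry pre-encoded characters; that is harmless in
 * HTML text but matters if the value is decoded again later. The result
 * is meant for element content and quoted attribute values, not for SQL,
 * script or URL contexts.
 *
 * @param string $string raw text
 * @return string encoded text
 */
function escapeStr($string)
{
    $string = str_replace(array("\0", '%00', "\r"), '', $string); // modified@2010-7-5

    $string = preg_replace(
        array(
            // C0 control characters except tab, line feed and carriage return
            '/[\\x00-\\x08\\x0B\\x0C\\x0E-\\x1F]/',
            // an ampersand that is not the start of &#123; or &name;
            '/&(?!(#[0-9]+|[a-z]+);)/is',
        ),
        array('', '&amp;'),
        $string
    );

    // Both hex-digit cases are listed because str_replace() is case-sensitive.
    $string = str_replace(array('%3C', '%3c', '<'), '&lt;', $string);
    $string = str_replace(array('%3E', '%3e', '>'), '&gt;', $string);
    $string = str_replace(array('"', "'", "\t"), array('&quot;', '&#39;', ' '), $string);

    return $string;
}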
124 /**
 * Screen a request variable in place.
 *
 * Arrays are walked recursively, element by element; keys are not
 * examined. For a non-array value the behaviour depends on the P_W
 * constant (defined outside this listing):
 *  - when P_W is not 'admincp', four substrings ('..', ')', '<', '=')
 *    are substituted with str_replace();
 *  - otherwise the value is compared with the result of a str_replace()
 *    call and, when the two differ, adminmsg('word_error') is called.
 *
 * This is a substring denylist. It does not replace context-specific
 * encoding at the point of output or parameterised database access.
 *
 * @param mixed $var value to screen, modified by reference
 * @return void
 */
128 function checkVar(&$var) {
129 if (is_array($var)) {
130 foreach ($var as $key &#61;> $value) {
131 S::checkVar($var[$key]);
132 }
// P_W is compared loosely (!=) against the string 'admincp'.
133 } elseif (P_W !&#61; &#39;admincp&#39;) {
// NOTE(review): this listing is HTML-entity encoded, so search and
// replacement literals cannot be told apart reliably here; the
// replacement for '<' is displayed as a bare '<', which would be a no-op.
// Presumably the replacements are numeric character references - confirm
// against the upstream file.
134 $var &#61; str_replace(array(&#39;..&#39;,&#39;)&#39;,&#39;<&#39;,&#39;&#61;&#39;), array(&#39;&#46;&#46;&#39;,&#39;&#41;&#39;,&#39;<&#39;,&#39;&#61;&#39;), $var);
// NOTE(review): the argument list of this str_replace() is cut off in the
// listing (search list, replacement and subject are missing), so the rule
// applied in the admin entry point cannot be read from this page. Restore
// it from the upstream file before relying on this branch.
135 } elseif (str_replace(array(&#39;) !&#61; $var) {
// $basename is a global set just before the message is raised; presumably
// adminmsg() (defined elsewhere) uses it as the return link - confirm.
136 global $basename;
137 $basename &#61; &#39;Javascript:history.go(-1);&#39;;
138 adminmsg(&#39;word_error&#39;);
139 }
140 }