"Perfect" anti-XSS and anti-SQL injection code spray

Haha, I have posted a paragraph before, here is another paragraph. The company believes that these two codes in this project are very good and can prevent all code attacks, so I will publish them here. Please break it, please hurry up and break it.

function gjj($str)
{
 $farr = array(
 "/\s+/",
 "/<(\/?)(script|i?frame|style|html|body|title |link|meta|object|\?|\%)([^>]*?)>/isU",
 "/(<[^>]*)on[a-zA-Z]+ s*=([^>]*>)/isU",
 );
 $str = preg_replace($farr,"",$str);
 return addslashes($str);
}

function hg_input_bb ($array)
{
 if (is_array($array))
 {
 foreach($array AS $k => $v)
 {
 $array[$k] = hg_input_bb($v);
 }
 }
 else
 {
 $array = gjj($array);
 }
 return $array;
}
$_REQUEST = hg_input_bb($_REQUEST);
$_GET = hg_input_bb($_GET);
$_POST = hg_input_bb( $_POST);