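/**
 * Best-effort input "sanitiser": strips a blacklist of characters and regex
 * patterns from $str_string, then HTML-encodes whatever is left.
 *
 * SECURITY NOTE (review): this is a blacklist filter and must not be the only
 * defence. The pattern list is easily bypassed and is not a substitute for
 * prepared statements at the SQL sink or for context-specific output escaping.
 * Two concrete gaps visible in the lists themselves:
 *   - the tag pattern requires whitespace after the tag name (`\s+`), so a bare
 *     "<script>" is not removed and is only neutralised by htmlentities();
 *   - "(" and ")" are stripped before the regex pass, so "alert(1)" never
 *     matches the alert pattern and comes out as "alert1".
 * The one robust step is the final htmlentities(), and that is correct for an
 * HTML body/attribute context only — JS, URL and SQL contexts need their own
 * escaping.
 *
 * Processing order (each step runs exactly once):
 *   1. every entry of the character blacklist is removed, in list order;
 *   2. every regex in the pattern blacklist is applied, in list order, to the
 *      already-stripped text (text exposed by a later removal is not re-scanned
 *      by an earlier pattern);
 *   3. the result is HTML-encoded with ENT_QUOTES as UTF-8. ENT_SUBSTITUTE is
 *      not set, so input that is not valid UTF-8 encodes to the empty string.
 *
 * @param string $str_string Untrusted input. Non-string scalars are cast to
 *                           string, matching the original coercive behaviour.
 *
 * @return string The filtered, HTML-encoded text.
 *
 * @throws \RuntimeException if PCRE fails at runtime (e.g. backtrack limit
 *         exceeded). The original let preg_replace()'s null flow into
 *         htmlentities() and silently returned "" (a deprecated null coercion on
 *         PHP 8.1+); failing loudly is preferable, and unfiltered input is never
 *         returned.
 */
function fn_safe($str_string): string
{
    // Characters removed outright, single pass, in this order.
    $dangerChars = [
        "|", ";", "$", "@", "+", "\t", "\r", "\n", ",", "(", ")", PHP_EOL,
    ];

    // Patterns removed after the character pass. The pattern bytes are
    // unchanged from the original list; only the layout differs.
    $dangerRegs = [
        "/<(script|frame|iframe|bgsound|link|object|applet|embed|blink|style|layer|ilayer|base|meta)\s+\S*>/i",
        "/on(afterprint|beforeprint|beforeunload|error|haschange|load|message|offline|online|pagehide|pageshow|popstate|redo|resize|storage|undo|unload|blur|change|contextmenu|focus|formchange|forminput|input|invalid|reset|select|submit|keydown|keypress|keyup|click|dblclick|drag|dragend|dragenter|dragleave|dragover|dragstart|drop|mousedown|mousemove|mouseout|mouseover|mouseup|mousewheel|scroll|abort|canplay|canplaythrough|durationchange|emptied|ended|error|loadeddata|loadedmetadata|loadstart|pause|play|playing|progress|ratechange|readystatechange|seeked|seeking|stalled|suspend|timeupdate|volumechange|waiting)\s*=\s*(\"|')?\S*(\"|')?/i",
        "/\w+\s*=\s*(\"|')?(java|vb)script:\S*(\"|')?/i",
        "/(document|location)\s*\.\s*\S*/i",
        "/(eval|alert|prompt|msgbox)\s*\(.*\)/i",
        "/expression\s*:\s*\S*/i",
        "/show\s+(databases|tables|index|columns)/i",
        "/create\s+(database|table|(unique\s+)?index|view|procedure|proc)/i",
        "/alter\s+(database|table)/i",
        "/drop\s+(database|table|index|view|column)/i",
        "/backup\s+(database|log)/i",
        "/truncate\s+table/i",
        "/replace\s+view/i",
        "/(add|change)\s+column/i",
        "/(select|update|delete)\s+\S*\s+from/i",
        "/insert\s+into/i",
        "/load_file\s*\(.*\)/i",
        "/(outfile|infile)\s+(\"|')?\S*(\"|')/i",
    ];

    // str_replace() with an array search performs the replacements in order on
    // the progressively modified string, exactly like the original per-char
    // loop; none of the blacklisted characters has a case variant, so the
    // case-insensitive variant was never needed.
    $result = str_replace($dangerChars, "", (string) $str_string);

    // Likewise preg_replace() with an array of patterns applies each one in
    // order to the already-filtered text. It returns null if any pattern fails
    // at runtime; fail closed rather than pass that on.
    $result = preg_replace($dangerRegs, "", $result);
    if ($result === null) {
        throw new \RuntimeException(
            "fn_safe: pattern filtering failed (preg error " . preg_last_error() . ")"
        );
    }

    // HTML-context encoding; ENT_QUOTES also encodes single quotes.
    // double_encode=true means an existing "&amp;" becomes "&amp;amp;".
    return htmlentities($result, ENT_QUOTES, "UTF-8", true);
}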