Отфильтрует ли такая функция все опасные конструкции (XSS, инъекции и подобное)?
Или необходимо еще что-то добавить?
function filter_text_form ($text)
{
$text = strip_tags ($text);//вырезаем HTML теги
$text = str_replace ("'", ''', $text);
$text = str_replace ('"', '"', $text);
$text = str_replace ("`", ''', $text);
$text = str_replace ('«', '«', $text);
$text = str_replace ('»', '»', $text);
$text = str_replace ("′", ''', $text);
$text = str_replace ('″', '"', $text);
$text = str_replace ("‘", ''', $text);
$text = str_replace ("’", ''', $text);
$text = str_replace ("‚", ',', $text);
$text = str_replace ('“', ''', $text);
$text = str_replace ('”', ''', $text);
$text = str_replace ('„', ',', $text);
$text = str_replace (' ', ' ', $text);//двойной пробел
$text = str_replace ('%', '', $text);
$text = str_replace ("\\", '-', $text);//обратный слеш
$text = str_replace ('<', '<', $text);
$text = str_replace ('>', '>', $text);
$text = str_ireplace ('union', '', $text);
$text = str_ireplace ('char', '', $text);
$text = str_ireplace ('get', '', $text);
$text = str_ireplace ('select', '', $text);
$text = str_ireplace ('update', '', $text);
$text = str_ireplace ('group', '', $text);
$text = str_ireplace ('order', '', $text);
$text = str_ireplace ('benchmark', '', $text);
$text = str_ireplace ('connect', '', $text);
connect_db(); $text = mysql_real_escape_string ($text);
return $text;
}
