preg_replace($reg,$replace,$content) //使用正则表达式匹配字符串,并替换
strip_tags($string) //去掉所有 html 标签
htmlspecialchars($string) //转义 html 标签,一般对传入的参数进行处理,防止 XSS 攻击。
html_entity_decode($body, ENT_QUOTES) //用这个将 htmlspecialchars 转义后的内容反转回来。
附上一些 preg_replace() 函数的实际用法:
preg_replace("/s+/", " ", $str); //过滤多余回车
preg_replace("/<[ ]+/si","<",$str); //过滤<__("<"号后面带空格)
preg_replace("/<!--.*?-->/si","",$str); //注释
preg_replace("/<(!.*?)>/si","",$str); //过滤 DOCTYPE
preg_replace("/<(/?html.*?)>/si","",$str); //过滤 html 标签
preg_replace("/<(/?head.*?)>/si","",$str); //过滤 head 标签
preg_replace("/<(/?meta.*?)>/si","",$str); //过滤 meta 标签
preg_replace("/<(/?body.*?)>/si","",$str); //过滤 body 标签
preg_replace("/<(/?link.*?)>/si","",$str); //过滤 link 标签
preg_replace("/<(/?form.*?)>/si","",$str); //过滤 form 标签
preg_replace("/cookie/si","COOKIE",$str); //过滤 COOKIE 标签
preg_replace("/<(applet.*?)>(.*?)<(/applet.*?)>/si","",$str); //过滤 applet 标签及标签内的内容
preg_replace("/<(/?applet.*?)>/si","",$str); //过滤 applet 标签
preg_replace("/<(style.*?)>(.*?)<(/style.*?)>/si","",$str); //过滤 style 标签及标签内的内容
preg_replace("/<(/?style.*?)>/si","",$str); //过滤 style 标签
preg_replace("/<(title.*?)>(.*?)<(/title.*?)>/si","",$str); //过滤 title 标签及标签内的内容
preg_replace("/<(/?title.*?)>/si","",$str); //过滤 title 标签
preg_replace("/<(object.*?)>(.*?)<(/object.*?)>/si","",$str); //过滤 object 标签及标签内的内容
preg_replace("/<(/?objec.*?)>/si","",$str); //过滤 object 标签
preg_replace("/<(script.*?)>(.*?)<(/script.*?)>/si","",$str); //过滤 script 标签及标签内的内容
preg_replace("/<(/?script.*?)>/si","",$str); //过滤 script 标签
preg_replace("/javascript/si","Javascript",$str); //过滤 script 标签