preg_replace($reg,$replace,$content) //使用正則表達式匹配字符串,並替換
strip_tags($string) //去掉所有 html 標籤
htmlspecialchars($string) //轉義 html 標籤,一般對傳入的參數進行處理,防止 XSS 攻擊。
html_entity_decode($body, ENT_QUOTES) //用這個將 htmlspecialchars 轉義後的內容反轉回來。
附上一些 preg_replace() 函數的實際用法:
preg_replace("/s+/", " ", $str); //過濾多餘回車
preg_replace("/<[ ]+/si","<",$str); //過濾<__("<"號後面帶空格)
preg_replace("/<!--.*?-->/si","",$str); //註釋
preg_replace("/<(!.*?)>/si","",$str); //過濾 DOCTYPE
preg_replace("/<(/?html.*?)>/si","",$str); //過濾 html 標籤
preg_replace("/<(/?head.*?)>/si","",$str); //過濾 head 標籤
preg_replace("/<(/?meta.*?)>/si","",$str); //過濾 meta 標籤
preg_replace("/<(/?body.*?)>/si","",$str); //過濾 body 標籤
preg_replace("/<(/?link.*?)>/si","",$str); //過濾 link 標籤
preg_replace("/<(/?form.*?)>/si","",$str); //過濾 form 標籤
preg_replace("/cookie/si","COOKIE",$str); //過濾 COOKIE 標籤
preg_replace("/<(applet.*?)>(.*?)<(/applet.*?)>/si","",$str); //過濾 applet 標籤及標籤內的內容
preg_replace("/<(/?applet.*?)>/si","",$str); //過濾 applet 標籤
preg_replace("/<(style.*?)>(.*?)<(/style.*?)>/si","",$str); //過濾 style 標籤及標籤內的內容
preg_replace("/<(/?style.*?)>/si","",$str); //過濾 style 標籤
preg_replace("/<(title.*?)>(.*?)<(/title.*?)>/si","",$str); //過濾 title 標籤及標籤內的內容
preg_replace("/<(/?title.*?)>/si","",$str); //過濾 title 標籤
preg_replace("/<(object.*?)>(.*?)<(/object.*?)>/si","",$str); //過濾 object 標籤及標籤內的內容
preg_replace("/<(/?objec.*?)>/si","",$str); //過濾 object 標籤
preg_replace("/<(script.*?)>(.*?)<(/script.*?)>/si","",$str); //過濾 script 標籤及標籤內的內容
preg_replace("/<(/?script.*?)>/si","",$str); //過濾 script 標籤
preg_replace("/javascript/si","Javascript",$str); //過濾 script 標籤