function htmldecode($str)
{
if(empty($str)) return;
if($str=="") return $str;
$str=str_replace("&",chr(34),$str);
$str=str_replace(">",">",$str);
$str=str_replace("<","<",$str);
$str=str_replace("&","&",$str);
$str=str_replace(" ",chr(32),$str);
$str=str_replace(" ",chr(9),$str);
$str=str_replace("'",chr(39),$str);
$str=str_replace("<br />",chr(13),$str);
$str=str_replace("''","'",$str);
$str=str_replace("select","select",$str);
$str=str_replace("join","join",$str);
$str=str_replace("union","union",$str);
$str=str_replace("where","where",$str);
$str=str_replace("insert","insert",$str);
$str=str_replace("delete","delete",$str);
$str=str_replace("update","update",$str);
$str=str_replace("like","like",$str);
$str=str_replace("drop","drop",$str);
$str=str_replace("create","create",$str);
$str=str_replace("modify","modify",$str);
$str=str_replace("rename","rename",$str);
$str=str_replace("alter","alter",$str);
$str=str_replace("cas","cast",$str);
$farr = array(
"/\s+/" , //¹ýÂ˶àÓàµÄ¿Õ°×
"/<(\/?)(img|script|i?frame|style|html|body|title|link|meta|\?|\%)([^>]*?)>/isU" , //¹ýÂË <script ·ÀÖ¹ÒýÈë¶ñÒâÄÚÈÝ»ò¶ñÒâ´úÂë,Èç¹û²»ÐèÒª²åÈëflashµÈ,»¹¿ÉÒÔ¼ÓÈë<objectµÄ¹ýÂË
"/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU" , //¹ýÂËjavascriptµÄonʼþ
);
$tarr = array(
" " ,
"<\\1\\2\\3>" , //Èç¹ûÒªÖ±½ÓÇå³ý²»°²È«µÄ±êÇ©£¬ÕâÀï¿ÉÒÔÁô¿Õ
"\\1\\2" ,
);
$str = preg_replace ( $farr , $tarr , $str );
return $str;
}
ÍøÉÏÕҵģ¬±¾ÈËÌ«ÀÁÁË£¬Ö±½Ó¿ÉÒÔÓá£
