function safeHTML($var)
{
if (is_array($var)) {
$out = array();
foreach ($var as $key => $v) {
$out[$key] = formspecialchars($v);
}
} else {
$out = htmlspecialchars_decode($var);
$out = htmlspecialchars(stripslashes(trim($out)), ENT_QUOTES);
}
return $out;
}
function formspecialchars($var)
{
$pattern = '/&(#)?[a-zA-Z0-9]{0,};/';
if (is_array($var)) {
$out = array();
// Set output as an array
foreach ($var as $key => $v) {
$out[$key] = formspecialchars($v);
// Run formspecialchars on every element of the array and return the result. Also maintains the keys.
}
} else {
$out = $var;
while (preg_match($pattern, $out) > 0) {
$out = htmlspecialchars_decode($out, ENT_QUOTES);
}
$out = htmlspecialchars(stripslashes(trim($out)), ENT_QUOTES, 'UTF-8', true);
// Trim the variable, strip all slashes, and encode it
}
return $out;
}
