function xss_security() {
$url = html_entity_decode(urldecode($_SERVER['QUERY_STRING']));
if ($url) {
if((strpos($url, '<') !== false) AND
(strpos($url, '>') !== false) AND
(strpos($url, '"') !== false) AND
(strpos($url, './') !== false) AND
(strpos($url, '../') !== false) AND
(strpos($url, '\'') !== false) AND
(strpos($url, '.php') !== false) AND
(strpos($url, '(') !== false) AND
(strpos($url, ')') !== false) AND
(strpos($url, '/*') !== false)) return die("Hacked!!");
}
$url = html_entity_decode(urldecode($_SERVER['REQUEST_URI']));
if($url) {
if((strpos( $url, '<' ) !== false) AND
(strpos( $url, '>' ) !== false) AND
(strpos( $url, '"' ) !== false) AND
(strpos( $url, '\'' ) !== false) AND
(strpos($url, '(') !== false) AND
(strpos($url, ')') !== false) AND
(strpos($url, '/*') !== false)) return die("Hacked!!");
}
}