php判断xss攻击

//判断是否是xss攻击
  
function _xss_check() {
   //urldecode解码已编码的URL 字符串
   //解码 过后的url串
   $temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));
  
   if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {
     die('报告：xss攻击');
      }
   return true;
}