Revision: 41089
at February 11, 2011 21:06 by bitstream
Initial Code
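/*
Sanitize class
Copyright (C) 2007 CodeAssembly.com

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see http://www.gnu.org/licenses/
*/

/**
 * Sanitize a single variable.
 *
 * Returns the variable converted according to the requested type. The
 * 'telephone' type is a validator rather than a converter: it returns
 * true/false instead of the value. (The original note also listed 'pin' and
 * 'id_card' as boolean types, but neither is implemented here.)
 *
 * Each type targets exactly one output context; none of them is a universal
 * "make it safe" filter:
 *  - 'nohtml' escapes both quote styles and can be used for HTML text and
 *    quoted attribute values;
 *  - 'plain' leaves quotes untouched (ENT_NOQUOTES), so its result must not
 *    be placed inside an HTML attribute;
 *  - 'sql' escapes a string literal only and does not replace prepared
 *    statements.
 *
 * An unrecognised $type returns $var unchanged, so a misspelt type name
 * silently disables sanitization for that field.
 *
 * @param mixed  $var  The variable itself
 * @param string $type A string containing the desired variable type
 * @return mixed The sanitized variable, or true/false for 'telephone'
 * @throws RuntimeException for 'sql' when mysql_real_escape_string() is unavailable
 */
function sanitizeOne($var, $type)
{
    switch ($type) {
        case 'int': // integer
            $var = (int) $var;
            break;

        case 'str': // trim string
            $var = trim($var);
            break;

        case 'nohtml': // trim string, no HTML allowed
            $var = htmlentities(trim($var), ENT_QUOTES);
            break;

        case 'plain': // trim string, no HTML allowed, plain text
            // ENT_NOQUOTES keeps ' and " as they are: safe as element text,
            // not inside an attribute value.
            $var = htmlentities(trim($var), ENT_NOQUOTES);
            break;

        case 'upper_word': // trim string, upper case words
            $var = ucwords(strtolower(trim($var)));
            break;

        case 'ucfirst': // trim string, upper case first word
            $var = ucfirst(strtolower(trim($var)));
            break;

        case 'lower': // trim string, lower case words
            $var = strtolower(trim($var));
            break;

        case 'urle': // trim string, url encoded
            $var = urlencode(trim($var));
            break;

        case 'trim_urle': // trim string, url decoded
            // Request superglobals such as $_GET are already URL-decoded by
            // PHP; decoding them a second time double-decodes the value.
            $var = urldecode(trim($var));
            break;

        case 'telephone': // True/False for a telephone number
            // Every character must be a digit, '+', '*' or 'p'. The original
            // per-character loop never ran for an empty string and therefore
            // reported '' as a valid number; at least one character is now
            // required. \A and \z anchor the whole value, so a trailing
            // newline is rejected as well.
            return is_string($var) && preg_match('/\A[0-9+*p]+\z/', $var) === 1;

        case 'sql': // escaped string for use inside a quoted SQL literal
            // The author suggested ADODB qstr() or mysql_real_escape_string().
            // NOTE(review): ext/mysql was removed in PHP 7.0, and escaping only
            // protects values placed inside a quoted literal. Prefer prepared
            // statements (PDO/mysqli) at the query site over this type.
            if (!function_exists('mysql_real_escape_string')) {
                // Fail closed with a clear message instead of an
                // "undefined function" fatal error.
                throw new RuntimeException(
                    'sanitizeOne(): the "sql" type needs mysql_real_escape_string(), '
                    . 'which this PHP build does not provide; use prepared statements instead'
                );
            }
            return mysql_real_escape_string($var);
    }

    // NOTE(review): unknown types fall through to here and the value is
    // returned exactly as received.
    return $var;
}

/**
 * Sanitize an array in place.
 *
 * sanitize($_POST, array('id'=>'int', 'name' => 'str'));
 * sanitize($customArray, array('id'=>'int', 'name' => 'str'));
 *
 * Acts as an allow-list: every key of $data that is not listed in
 * $whatToKeep is dropped, and each remaining value is passed through
 * sanitizeOne() with the type given for its key. Keys listed in $whatToKeep
 * but absent from $data are not created, so callers still have to check
 * for required fields themselves.
 *
 * @param array $data       Array to filter; modified by reference
 * @param array $whatToKeep Map of allowed key => sanitizeOne() type name
 */
function sanitize(&$data, $whatToKeep)
{
    $data = array_intersect_key($data, $whatToKeep);

    foreach ($data as $key => $value) {
        $data[$key] = sanitizeOne($value, $whatToKeep[$key]);
    }
}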
Initial URL
Initial Description
Initial Title
sanitize functions
Initial Tags
Initial Language
PHP