Posted By

kirik on 08/06/09


Tagged

sql php injection sanitize xss


Versions (?)

Who likes this?

4 people have marked this snippet as a favorite

VaiT
irishsk
umang_nine
silviud


Basic script for prevert SQL inj and XSS


 / Published in: PHP
 

Function for sanitize input POST, GET, COOKIE arrays.

  1. function filterInput(&$input)
  2. {
  3. $_SERVER['GPC_STATUS'] = get_magic_quotes_gpc(); // We do not want to call get_magic_quotes_gpc() function for each element of array
  4. array_walk_recursive($input, 'sanitizeIt'); // Sanitize each element of array
  5. }
  6.  
  7. function sanitizeIt(&$str)
  8. {
  9. if($_SERVER['GPC_STATUS']) // Just check variable
  10. $str = stripslashes($str);
  11.  
  12. $str = htmlspecialchars(rawurldecode(trim($str)), ENT_QUOTES, 'UTF-8');
  13. }
  14.  
  15. /** **** Examples ****
  16.  
  17. --- Without sanitize ---
  18. URL: /index.php?monkey=<foo>'bar\D
  19. Script:
  20. print_r($_GET);
  21. Result:
  22. Array
  23. (
  24. [monkey] => <foo>\'bar\\d
  25. )
  26. --- With sanitize ---
  27. URL: /index.php?monkey=<foo>'bar\D
  28. Script:
  29. filterInput($_GET);
  30. print_r($_GET);
  31. Result:
  32. Array
  33. (
  34. [monkey] => &lt;foo&gt;&#039;bar\d
  35. )
  36. **/

Report this snippet  

You need to login to post a comment.