MySQL injection on input


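  /**
   * The Sterilizer Function
   *
   * Prepares a user-supplied string for HTML output and, optionally, for
   * embedding inside a quoted MySQL string literal.
   *
   * Steps, in order: undo legacy magic_quotes slashes on the raw value, drop
   * HTML tags, entity-encode what is left, then (only when asked) MySQL-escape
   * the result through a mysqli connection.
   *
   * Prefer prepared statements over the $is_sql path. Escaping only helps
   * inside a quoted literal and only when the connection charset is set; it
   * does nothing for numeric positions, identifiers, ORDER BY or LIMIT clauses.
   * Note also that the returned value is already HTML-encoded: storing it and
   * later echoing it through htmlspecialchars() will double-encode it.
   *
   * @param mixed       $input  User input string to be cleansed.
   * @param bool        $is_sql Whether the result will be placed in a MySQL
   *                            string literal.
   * @param mysqli|null $link   Connection used by mysqli_real_escape_string();
   *                            required when $is_sql is true.
   *
   * @return string
   *
   * @throws InvalidArgumentException when $is_sql is true and no mysqli
   *                                  connection is supplied in $link.
   *
   * Example of use:
   *   $username = sterilize($_POST['username']);   // HTML-safe for echoing
   *   $stmt = $mysqli->prepare('SELECT * FROM users WHERE username = ?');
   *   $stmt->bind_param('s', $username);
   */
  function sterilize($input, $is_sql = false, $link = null)
  {
      // Work on a string: null becomes '' instead of tripping the PHP 8.1
      // null-to-internal-function deprecation in htmlentities()/strip_tags().
      $input = (string) $input;

      // magic_quotes was removed in PHP 5.4 and get_magic_quotes_gpc() itself
      // in PHP 8.0, where an unguarded call is a fatal error. Strip the slashes
      // before anything else so every later step sees the raw characters.
      if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
          $input = stripslashes($input);
      }

      // Remove tags before entity-encoding: once '<' has become '&lt;',
      // strip_tags() matches nothing, which is why the published order
      // (encode first, strip afterwards) made this step a no-op.
      $input = strip_tags($input);

      // Explicit charset so the output does not depend on default_charset
      // (ISO-8859-1 on PHP < 5.4, UTF-8 afterwards).
      $input = htmlentities($input, ENT_QUOTES, 'UTF-8');

      if ($is_sql) {
          // ext/mysql (mysql_real_escape_string) was removed in PHP 7.0.
          // mysqli requires an explicit connection so the escape uses that
          // connection's charset rather than a guessed one.
          if (!($link instanceof mysqli)) {
              throw new InvalidArgumentException(
                  'sterilize(): $is_sql requires a mysqli connection in $link; prefer prepared statements.'
              );
          }
          $input = mysqli_real_escape_string($link, $input);
      }

      // The published version ended with str_replace("\n", "\n", $input),
      // which rewrote a newline to itself; that no-op is dropped.
      return $input;
  }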
