Posted by lmcdougall on 09/13/07


Tagged: mysql php textmate




mysql injection on input


Published in: Other

```php
<?php
/*
+-------------------------------------------------------------------+
|______________________The_Sterilizer_Function______________________|
| PHP 5+ ONLY - Used to prevent SQLI and XSS attacks via user input |
|                                                                   |
| 1 *REQUIRED* value, 1 <OPTIONAL> value to call this function:     |
| $input  = User input string to be cleansed                        |
| $is_sql = Boolean. Whether or not $input is a sql query           |
+-------------------------------------------------------------------+
| Example of use:                                                   |
| $username = sterilize($_POST['username']);                        |
| $query = "SELECT * FROM users WHERE username = '$username'";      |
+-------------------------------------------------------------------+
*/

function sterilize($input, $is_sql = false)
{
    // Convert all applicable characters (including single and double quotes)
    // to HTML entities. This runs before any SQL escaping, so the value that
    // reaches the database is the entity-encoded form, not the raw input.
    $input = htmlentities($input, ENT_QUOTES);

    // Undo the automatic backslash-escaping that magic_quotes_gpc applied to
    // GET/POST/COOKIE data (PHP 5 only; the function was removed in PHP 8.0).
    if (get_magic_quotes_gpc()) {
        $input = stripslashes($input);
    }

    // Escape the value for use inside a quoted MySQL string literal. Needs an
    // open mysql_connect() link; the mysql extension was removed in PHP 7.0.
    if ($is_sql) {
        $input = mysql_real_escape_string($input);
    }

    // Remove any HTML/PHP tags that survived entity encoding.
    $input = strip_tags($input);

    // Normalise line endings. The original line was garbled by extraction (a
    // literal newline inside the search string); CRLF/CR to LF is the assumed intent.
    $input = str_replace(array("\r\n", "\r"), "\n", $input);

    return $input;
}
```
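The lookup from the snippet's "Example of use", written as an added example (not the snippet author's code) with each context handled where the value is used instead of one input-time sterilize pass: a bound parameter for the SQL statement, and HTML encoding only when rendering. It assumes PDO with the SQLite driver so it runs offline; the `users` table and the two names are constructed fixtures, and the same code works against a `mysql:` DSN.

```php
<?php
// Added example: context-specific handling instead of one "sterilize" pass.
declare(strict_types=1);

function findUserByName(PDO $pdo, string $username): ?array
{
    // Binding keeps the value out of the SQL grammar, so quotes in it are
    // data, not syntax; nothing is escaped or entity-encoded before storage.
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Encode for HTML at output time, with quotes covered and the charset explicit.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function renderGreeting(?array $user): string
{
    return $user === null
        ? '<p>No such user.</p>'
        : '<p>Hello, ' . h($user['username']) . '</p>';
}

// Constructed fixture (hypothetical schema): two legitimate names the snippet
// would damage, one with an apostrophe (htmlentities turns it into &#039;
// before it is ever stored) and one containing angle brackets (strip_tags
// would delete part of it).
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)');
$ins = $pdo->prepare('INSERT INTO users (username) VALUES (:u)');
foreach (["O'Brien", "Ann <b> Lee"] as $name) {
    $ins->execute([':u' => $name]);
}

// Exact-match lookup succeeds because the stored value is the real name, and
// the brackets are rendered as text: "Hello, Ann &lt;b&gt; Lee".
foreach (["O'Brien", "Ann <b> Lee", "nobody"] as $name) {
    echo renderGreeting(findUserByName($pdo, $name)), "\n";
}
```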


Comments

Posted By: peteypablonz on November 21, 2007

Not the best option, mate. Yours isn't exactly secure.

use mine: http://snipplr.com/view/4165/clean-user-input-data--get-post-cookie-/
