sanitize functions





  1. /*
  2.   Sanitize class
  3.   Copyright (C) 2007 CodeAssembly.com
  4.  
  5.  
  6.   This program is free software: you can redistribute it and/or modify
  7.   it under the terms of the GNU General Public License as published by
  8.   the Free Software Foundation, either version 3 of the License, or
  9.   (at your option) any later version.
  10.  
  11.   This program is distributed in the hope that it will be useful,
  12.   but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14.   GNU General Public License for more details.
  15.  
  16.  
  17.   You should have received a copy of the GNU General Public License
  18.   along with this program. If not, see http://www.gnu.org/licenses/
  19.  
  20. */
  21.  
  22. /**
  23.  * Sanitize only one variable .
  24.  * Returns the variable sanitized according to the desired type or true/false
  25.  * for certain data types if the variable does not correspond to the given data type.
  26.  *
  27.  * NOTE: True/False is returned only for telephone, pin, id_card data types
  28.  *
  29.  * @param mixed The variable itself
  30.  * @param string A string containing the desired variable type
  31.  * @return The sanitized variable or true/false
  32.  */
  33.  
  34. function sanitizeOne($var, $type) {
  35.  
  36. switch ( $type ) {
  37.  
  38. case 'int': // integer
  39. $var = (int) $var;
  40. break;
  41.  
  42. case 'str': // trim string
  43. $var = trim ( $var );
  44. break;
  45.  
  46. case 'nohtml': // trim string, no HTML allowed
  47. $var = htmlentities ( trim ( $var ), ENT_QUOTES );
  48. break;
  49.  
  50. case 'plain': // trim string, no HTML allowed, plain text
  51. $var = htmlentities ( trim ( $var ) , ENT_NOQUOTES ) ;
  52. break;
  53.  
  54. case 'upper_word': // trim string, upper case words
  55. $var = ucwords ( strtolower ( trim ( $var ) ) );
  56. break;
  57.  
  58. case 'ucfirst': // trim string, upper case first word
  59. $var = ucfirst ( strtolower ( trim ( $var ) ) );
  60. break;
  61.  
  62. case 'lower': // trim string, lower case words
  63. $var = strtolower ( trim ( $var ) );
  64. break;
  65.  
  66. case 'urle': // trim string, url encoded
  67. $var = urlencode ( trim ( $var ) );
  68. break;
  69.  
  70. case 'trim_urle': // trim string, url decoded
  71. $var = urldecode ( trim ( $var ) );
  72. break;
  73.  
  74. case 'telephone': // True/False for a telephone number
  75. $size = strlen ($var) ;
  76. for ($x=0;$x<$size;$x++) {
  77. if ( ! ( ( ctype_digit($var[$x] ) || ($var[$x]=='+') || ($var[$x]=='*') || ($var[$x]=='p')) ) ) {
  78. return false;
  79. }
  80. }
  81. return true;
  82. break;
  83.  
  84. case 'sql': // True/False if the given string is SQL injection safe
  85. // insert code here, I usually use ADODB -> qstr() but depending on your needs you can use mysql_real_escape();
  86. break;
  87.  
  88. }
  89. return $var;
  90. }
  91.  
  92.  
  93.  
  94.  
  95.  
  96. /**
  97.  * Sanitize an array.
  98.  *
  99.  * sanitize($_POST, array('id'=>'int', 'name' => 'str'));
  100.  * sanitize($customArray, array('id'=>'int', 'name' => 'str'));
  101.  *
  102.  * @param array $data
  103.  * @param array $whatToKeep
  104.  */
  105.  
  106. function sanitize( &$data, $whatToKeep ) {
  107.  
  108. $data = array_intersect_key( $data, $whatToKeep );
  109. foreach ($data as $key => $value) {
  110. $data[$key] = sanitizeOne( $data[$key] , $whatToKeep[$key] );
  111. }
  112. }


