

Posted By

romanos on 05/29/08


Tagged

get xss hacker




Prevent any possible XSS attacks via $_GET


Published in: PHP 


This function is from PHP-Fusion, a great CMS.

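    // Prevent any possible XSS attacks via $_GET.
    // eregi() was removed in PHP 7.0; preg_match() with the /i modifier replaces it.
    // array_walk_recursive() also visits the values of array parameters such as ?a[]=x.
    array_walk_recursive($_GET, function ($check_url) {
        // Abort on script/object/iframe/applet/meta/style/form tags,
        // on any "(...)" pair, and on any double quote.
        if (preg_match('/<[^>]*script*"?[^>]*>/i', $check_url) || preg_match('/<[^>]*object*"?[^>]*>/i', $check_url) ||
            preg_match('/<[^>]*iframe*"?[^>]*>/i', $check_url) || preg_match('/<[^>]*applet*"?[^>]*>/i', $check_url) ||
            preg_match('/<[^>]*meta*"?[^>]*>/i', $check_url) || preg_match('/<[^>]*style*"?[^>]*>/i', $check_url) ||
            preg_match('/<[^>]*form*"?[^>]*>/i', $check_url) || preg_match('/\([^>]*"?[^)]*\)/i', $check_url) ||
            preg_match('/"/', $check_url)) {
            die();
        }
    });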
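
The filter above decides by pattern whether to abort the request. As an added example (not PHP-Fusion code and not part of the original post), the following runs the same patterns over constructed query-string values to show which benign inputs are rejected, next to encoding the value with htmlspecialchars() when it is written into HTML text or a quoted attribute. The function names `get_value_is_rejected` and `html_escape` are hypothetical.

```php
<?php
// Added example; the function names are hypothetical, not PHP-Fusion's.

// Same checks as the snippet, returned as a boolean instead of calling die().
function get_value_is_rejected(string $value): bool
{
    $patterns = [
        '/<[^>]*script*"?[^>]*>/i',
        '/<[^>]*object*"?[^>]*>/i',
        '/<[^>]*iframe*"?[^>]*>/i',
        '/<[^>]*applet*"?[^>]*>/i',
        '/<[^>]*meta*"?[^>]*>/i',
        '/<[^>]*style*"?[^>]*>/i',
        '/<[^>]*form*"?[^>]*>/i',
        '/\([^>]*"?[^)]*\)/i',   // any "(...)" pair
        '/"/',                   // any double quote
    ];
    foreach ($patterns as $pattern) {
        if (preg_match($pattern, $value)) {
            return true;
        }
    }
    return false;
}

// Encode a value for output into HTML text or a quoted attribute.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample values, as they might arrive in $_GET.
$samples = [
    'php tutorial',           // accepted
    'the "best" cms',         // benign, rejected: contains a double quote
    'strlen(x) vs count(x)',  // benign, rejected: contains a "(...)" pair
    '<script></script>',      // rejected by the script pattern
];

foreach ($samples as $value) {
    printf("%-24s rejected=%-3s escaped=%s\n", $value,
        get_value_is_rejected($value) ? 'yes' : 'no', html_escape($value));
}
```

The escaped column shows that encoding at output keeps the quoted and parenthesised search terms usable while rendering the markup characters inert in those two contexts.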
