Posted By

mrglazzz on 06/22/13


Tagged

php


Sanitize database inputs


 / Published in: PHP
 

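    <?php
    // Strip script blocks, style blocks, HTML tags and comments from a string.
    function cleanInput($input) {

        // Patterns run in order: script and style blocks must be removed
        // before the generic tag pattern, or their contents are left behind.
        $search = array(
            '@<script[^>]*?>.*?</script>@si',  // Strip out javascript
            '@<style[^>]*?>.*?</style>@si',    // Strip style tags properly (no U flag: it would make .*? greedy)
            '@<[\/\!]*?[^<>]*?>@si',           // Strip out HTML tags
            '@<![\s\S]*?--[ \t\n\r]*>@'        // Strip multi-line comments
        );

        $output = preg_replace($search, '', $input);
        return $output;
    }

    // Recursively clean and escape a single value or an array of values.
    function sanitize($input) {
        if (is_array($input)) {
            $output = array(); // defined even when $input is an empty array
            foreach ($input as $var => $val) {
                $output[$var] = sanitize($val);
            }
        }
        else {
            $input  = stripslashes($input); // remove backslash escaping from the raw value
            $input  = cleanInput($input);
            // Needs ext/mysql and an open connection; mysql_* was removed in PHP 7.0.
            $output = mysql_real_escape_string($input);
        }
        return $output;
    }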
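
The snippet above escapes values for string-built SQL and strips markup with regexes. As an added example (not part of the original snippet), the same goal handled with bound parameters for the query and HTML escaping at output time. It assumes the pdo_sqlite extension and PHP 7.4+; the `comments` table and all function names are hypothetical.

```php
<?php
// Added example: bound parameters instead of escaping, HTML-escape on output.
// Assumes pdo_sqlite; table and function names are hypothetical.

function openDemoDb(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');
    return $pdo;
}

// Values travel separately from the SQL text, so quotes in them stay data.
function saveComment(PDO $pdo, string $author, string $body): int {
    $stmt = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function loadComment(PDO $pdo, int $id): ?array {
    $stmt = $pdo->prepare('SELECT author, body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Escape for the HTML context when rendering; the stored data is unmodified.
function renderComment(array $row): string {
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p><b>' . $e($row['author']) . '</b>: ' . $e($row['body']) . '</p>';
}

// Constructed sample input: an apostrophe, comparison signs and markup.
$author = "O'Brien";
$body   = "Tom's note: 1 < 2 <script>alert(1)</script>";

$pdo = openDemoDb();
$row = loadComment($pdo, saveComment($pdo, $author, $body));

// The database returns exactly what was submitted, backslashes and quotes included.
if ($row === null || $row['author'] !== $author || $row['body'] !== $body) {
    throw new RuntimeException('round trip altered the stored value');
}

// Markup in the stored value is rendered inert rather than deleted.
echo renderComment($row), PHP_EOL;
```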
