Revision: 16508
at August 6, 2009 15:01 by kirik
Initial Code
function filterInput(&$input)
{
    // Call get_magic_quotes_gpc() once, not for each element of the array.
    // The function was removed in PHP 8.0, so treat it as "off" when it is absent.
    $_SERVER['GPC_STATUS'] = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    array_walk_recursive($input, 'sanitizeIt'); // Sanitize each element of the array
}

function sanitizeIt(&$str)
{
    if ($_SERVER['GPC_STATUS']) { // Just check the variable
        $str = stripslashes($str);
    }
    $str = htmlspecialchars(rawurldecode(trim($str)), ENT_QUOTES, 'UTF-8');
}

/** **** Examples ****
--- Without sanitize ---
URL: /index.php?monkey=<foo>'bar\D
Script:
    print_r($_GET);
Result:
    Array
    (
        [monkey] => <foo>\'bar\\d
    )
--- With sanitize ---
URL: /index.php?monkey=<foo>'bar\D
Script:
    filterInput($_GET);
    print_r($_GET);
Result:
    Array
    (
        [monkey] => &lt;foo&gt;&#039;bar\d
    )
**/
Initial URL
Initial Description
Function for sanitizing the input POST, GET, and COOKIE arrays.
Initial Title
Basic script to prevent SQL injection and XSS
Initial Tags
sql, php
Initial Language
PHP
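
The snippet above HTML-encodes request values. That helps against XSS only when the value is later written into HTML, and it does not make a value safe to concatenate into SQL. The following is an added example, not part of the original snippet: it shows the same filter passing a numeric-context value through unchanged, then the same lookup with a bound parameter and with escaping applied at output time. The table, column names, sample values and the helpers `h()` and `inputFilter()` are constructed for illustration, and the pdo_sqlite extension is assumed.

```php
<?php
// Added example, not the snippet author's code. Table, columns, sample values
// and helper names are constructed. Requires the pdo_sqlite extension.

// Output-time HTML escaping: encode when writing into HTML, not on input.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The same transformation sanitizeIt() applies when magic quotes are off.
function inputFilter(string $s): string
{
    return htmlspecialchars(rawurldecode(trim($s)), ENT_QUOTES, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// Constructed request values.
$id   = '1 OR 1=1';     // contains no quotes and no HTML metacharacters
$name = "O'Brien <b>";  // legitimate data containing ' and <

// 1. Weak: the HTML filter has nothing to encode in $id, so the value
//    reaches the unquoted numeric context as SQL text.
var_dump(inputFilter($id) === $id);
$weak = $db->query('SELECT name FROM users WHERE id = ' . inputFilter($id));
echo count($weak->fetchAll()), " row(s) from the concatenated query\n";

// 2. Hardened: a bound parameter is always data, never SQL text.
$stmt = $db->prepare('SELECT name FROM users WHERE id = ?');
$stmt->execute([$id]);
echo count($stmt->fetchAll()), " row(s) from the prepared query\n";

// 3. Store the raw value through a bound parameter, escape only on output.
$ins = $db->prepare('INSERT INTO users (name) VALUES (?)');
$ins->execute([$name]);
$stored = $db->query('SELECT name FROM users ORDER BY id DESC LIMIT 1')
             ->fetchColumn();
var_dump($stored === $name);          // the database holds the unmodified value
echo '<td>', h($stored), "</td>\n";   // encoded for the HTML context here
```

Storing the raw value also avoids double encoding when the same data is later used in a non-HTML context such as JSON, e-mail or a CSV export.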