Advanced Search

Basic script for prevert SQL inj and XSS

/ Published in: PHP
Save to your folder(s)
Function for sanitize input POST, GET, COOKIE arrays.

Expand | Embed | Plain Text

Copy this code and paste it in your HTML 
  1. function filterInput(&$input)
  2. {
  3. 	$_SERVER['GPC_STATUS'] = get_magic_quotes_gpc(); // We do not want to call get_magic_quotes_gpc() function for each element of array
  4. 	array_walk_recursive($input, 'sanitizeIt'); // Sanitize each element of array
  5. }
  6.  
  7. function sanitizeIt(&$str)
  8. {
  9. 	if($_SERVER['GPC_STATUS']) // Just check variable
  10. 		$str = stripslashes($str);
  11.  
  12. 	$str = htmlspecialchars(rawurldecode(trim($str)), ENT_QUOTES, 'UTF-8');
  13. }
  14.  
  15. /** **** Examples ****
  16.  
  17. 	--- Without sanitize ---
  18. 		URL: /index.php?monkey=<foo>'bar\D
  19. 		Script:
  20. 			print_r($_GET);
  21. 		Result:
  22. 			Array
  23. 			(
  24. 				[monkey] => <foo>\'bar\\d
  25. 			)
  26. 	--- With sanitize ---
  27. 		URL: /index.php?monkey=<foo>'bar\D
  28. 		Script:
  29. 			filterInput($_GET);
  30. 			print_r($_GET);
  31. 		Result:
  32. 			Array
  33. 			(
  34. 				[monkey] => &lt;foo&gt;&#039;bar\d
  35. 			)
  36. **/

Report this snippet


Comments

RSS Icon Subscribe to comments

You need to login to post a comment.