Basic script for prevert SQL inj and XSS


/ Published in: PHP
Save to your folder(s)

Function for sanitize input POST, GET, COOKIE arrays.


Copy this code and paste it in your HTML
  1. function filterInput(&$input)
  2. {
  3. $_SERVER['GPC_STATUS'] = get_magic_quotes_gpc(); // We do not want to call get_magic_quotes_gpc() function for each element of array
  4. array_walk_recursive($input, 'sanitizeIt'); // Sanitize each element of array
  5. }
  6.  
  7. function sanitizeIt(&$str)
  8. {
  9. if($_SERVER['GPC_STATUS']) // Just check variable
  10. $str = stripslashes($str);
  11.  
  12. $str = htmlspecialchars(rawurldecode(trim($str)), ENT_QUOTES, 'UTF-8');
  13. }
  14.  
  15. /** **** Examples ****
  16.  
  17. --- Without sanitize ---
  18. URL: /index.php?monkey=<foo>'bar\D
  19. Script:
  20. print_r($_GET);
  21. Result:
  22. Array
  23. (
  24. [monkey] => <foo>\'bar\\d
  25. )
  26. --- With sanitize ---
  27. URL: /index.php?monkey=<foo>'bar\D
  28. Script:
  29. filterInput($_GET);
  30. print_r($_GET);
  31. Result:
  32. Array
  33. (
  34. [monkey] => &lt;foo&gt;&#039;bar\d
  35. )
  36. **/

Report this snippet


Comments

RSS Icon Subscribe to comments

You need to login to post a comment.