Advanced Search

PHP Functions to Clean User Input

/ Published in: PHP
Save to your folder(s)

Expand | Embed | Plain Text

Copy this code and paste it in your HTML 
  1. <?php
  2. function cleanInput($input) {
  3.  
  4.   $search = array(
  5.     '@<script[^>]*?>.*?</script>@si',   // Strip out javascript
  6.     '@<[\/\!]*?[^<>]*?>@si',            // Strip out HTML tags
  7.     '@<style[^>]*?>.*?</style>@siU',    // Strip style tags properly
  8.     '@<![\s\S]*?--[ \t\n\r]*>@'         // Strip multi-line comments
  9.   );
  10.  
  11.     $output = preg_replace($search, '', $input);
  12.     return $output;
  13.   }
  14. ?>
  15. <?php
  16. function sanitize($input) {
  17.     if (is_array($input)) {
  18.         foreach($input as $var=>$val) {
  19.             $output[$var] = sanitize($val);
  20.         }
  21.     }
  22.     else {
  23.         if (get_magic_quotes_gpc()) {
  24.             $input = stripslashes($input);
  25.         }
  26.         $input  = cleanInput($input);
  27.         $output = mysql_real_escape_string($input);
  28.     }
  29.     return $output;
  30. }
  31. ?>

URL: http://css-tricks.com/snippets/php/sanitize-database-inputs/

Report this snippet


Comments

RSS Icon Subscribe to comments

You need to login to post a comment.