
Revision: 16508
at August 6, 2009 15:01 by kirik


Initial Code
function filterInput(&$input)
{
	// Magic quotes were removed in PHP 5.4 and get_magic_quotes_gpc() itself in PHP 8.0,
	// so only call it where it still exists. We do not want to call it for each element
	// of the array, so the result is computed once here and handed to the callback through
	// array_walk_recursive()'s userdata argument instead of being stashed in $_SERVER.
	$gpcOn = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
	array_walk_recursive($input, 'sanitizeIt', $gpcOn); // Sanitize each leaf of the (possibly nested) array
}

function sanitizeIt(&$str, $key, $gpcOn)
{
	if ($gpcOn) // Undo the backslash escaping that magic_quotes_gpc added to every GPC value
		$str = stripslashes($str);

	// PHP has already URL-decoded $_GET/$_POST, so rawurldecode() here is a second decode:
	// a literal "%3C" submitted by the client becomes "<" before it is HTML-encoded.
	// htmlspecialchars() only makes the value safe to print inside an HTML text node;
	// it does not make it safe for SQL (use prepared statements for that), for an unquoted
	// attribute, or for a JavaScript/URL context.
	$str = htmlspecialchars(rawurldecode(trim($str)), ENT_QUOTES, 'UTF-8');
}

/** **** Examples ****

	Both runs assume magic_quotes_gpc = On (PHP < 5.4), which is why the raw
	value below carries backslashes; on PHP 5.4 and later the "without sanitize"
	output is simply <foo>'bar\D.

	--- Without sanitize ---
		URL: /index.php?monkey=<foo>'bar\D
		Script:
			print_r($_GET);
		Result:
			Array
			(
				[monkey] => <foo>\'bar\\D
			)
	--- With sanitize ---
		URL: /index.php?monkey=<foo>'bar\D
		Script:
			filterInput($_GET);
			print_r($_GET);
		Result:
			Array
			(
				[monkey] => &lt;foo&gt;&#039;bar\D
			)
**/
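The snippet's title claims the filter prevents SQL injection as well as XSS. The script below is an added example, not part of the original snippet, showing why HTML-encoding input at entry time does not do that and what does instead. It uses an in-memory SQLite database through PDO so it runs offline; the `$get` array and the `users` rows are constructed test data, and `sanitizeValue()` is a local copy of the snippet's transformation without the magic-quotes branch.

```php
<?php
// Added example: htmlspecialchars() at input time versus prepared statements
// and output-time escaping. Requires the pdo_sqlite extension.

// Same transformation as sanitizeIt() in the snippet, minus the magic-quotes branch.
function sanitizeValue(string $str): string
{
    return htmlspecialchars(rawurldecode(trim($str)), ENT_QUOTES, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// Constructed "GET" input: a numeric id parameter carrying a payload that contains
// no quotes or angle brackets, so the sanitizer has nothing to encode.
$get = ['id' => '1 OR 1=1'];
$id  = sanitizeValue($get['id']);   // unchanged by the filter

// 1) Query built by string interpolation: the filtered value is spliced into the
//    SQL as-is, the OR becomes part of the predicate and every row is returned.
$rows = $db->query("SELECT name FROM users WHERE id = $id")
           ->fetchAll(PDO::FETCH_COLUMN);
echo "interpolated: " . implode(',', $rows) . "\n";

// 2) Prepared statement: the same value is bound as data. SQLite will not coerce
//    the non-numeric text to an integer, so nothing matches; an engine that does
//    coerce it would at most match id 1, never the whole table.
$stmt = $db->prepare('SELECT name FROM users WHERE id = :id');
$stmt->execute([':id' => $id]);
$rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
echo "prepared: " . implode(',', $rows) . "\n";

// 3) Encoding at input time also corrupts stored data: O'Brien is written to the
//    table as O&#039;Brien, and a template that escapes on output (as it should)
//    then renders it double-encoded.
$ins = $db->prepare('INSERT INTO users (id, name) VALUES (?, ?)');
$ins->execute([4, sanitizeValue("O'Brien")]);
$stored = $db->query('SELECT name FROM users WHERE id = 4')->fetchColumn();
echo "stored:   $stored\n";
echo "rendered: " . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8') . "\n";

// Correct division of labour: bind the raw value for SQL, escape for HTML only
// at the point where it is printed into a page.
$ins->execute([5, "O'Brien"]);
$raw = $db->query('SELECT name FROM users WHERE id = 5')->fetchColumn();
echo "rendered from raw: " . htmlspecialchars($raw, ENT_QUOTES, 'UTF-8') . "\n";

// 4) The HTML encoding is also context-specific: a URL-valued input passes through
//    untouched, so placing it in an href still yields script execution.
$href = sanitizeValue('javascript:alert(1)');
echo "href value: $href\n";   // identical to the input; needs a scheme allow-list, not encoding
```

The design point: sanitize at the boundary where the data is used, with the encoder for that sink (bound parameters for SQL, `htmlspecialchars` for HTML text and quoted attributes, a scheme allow-list for URLs), and keep the stored value raw so each sink can encode it correctly.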

Initial URL


Initial Description
Function to sanitize the POST, GET and COOKIE input arrays.

Initial Title
Basic script to prevent SQL injection and XSS

Initial Tags
sql, php

Initial Language
PHP