Revision: 3792
at September 13, 2007 16:09 by lmcdougall


Initial Code
/*
+-------------------------------------------------------------------+
|______________________The_Sterilizer_Function______________________|
| PHP 5+ ONLY - Used to prevent SQLI and XSS attacks via user input |
|                                                                   |
| 1 *REQUIRED* value, 1 <OPTIONAL> value to call this function:     |
|   $input  = User input string to be cleansed                      |
|   $is_sql = Boolean. Whether or not $input is a SQL query         |
+-------------------------------------------------------------------+
| Example of use:                                                   |
|   $username = sterilize($_POST['username']);                      |
|   $query = "SELECT * FROM users WHERE username = '$username'";    |
+-------------------------------------------------------------------+
*/

function sterilize ($input, $is_sql = false)
{
    // Encode HTML metacharacters, including both quote styles (ENT_QUOTES),
    // so the value is inert if it is later echoed into a page. This runs
    // before the SQL escaping below, so what reaches the database is the
    // HTML-encoded form (e.g. a single quote is stored as &#039;).
    $input = htmlentities($input, ENT_QUOTES);

    // Undo the backslashes PHP's magic_quotes_gpc added to request data.
    // get_magic_quotes_gpc() is deprecated since PHP 7.4 and removed in PHP 8.
    if (get_magic_quotes_gpc())
    {
        $input = stripslashes($input);
    }

    // Escape for use inside a quoted MySQL string literal. Needs an open
    // connection from the legacy mysql extension, which PHP 7 removed.
    if ($is_sql)
    {
        $input = mysql_real_escape_string($input);
    }

    // Drop any remaining tags, then normalise line endings. The original
    // snippet had a raw line break inside the first string; it is assumed
    // here to have been a CRLF, which this version spells out explicitly.
    $input = strip_tags($input);
    $input = str_replace("\r\n", "\n", $input);

    return $input;
}
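A defender reading this snippet today would not route SQL and HTML through one escaping pass. The example below is added here and is not part of the original snippet: it binds the value with a PDO prepared statement, stores it unmodified, and HTML-encodes it only at the point where it is rendered. Because sterilize() applies htmlentities() before anything else, a name such as O'Reilly arrives at the database as O&#039;Reilly; with parameter binding the database holds the real name and the lookup still cannot be altered by quote characters in the input. The example assumes the pdo_sqlite extension is available; the users table, its rows and the two lookup inputs are constructed for the demonstration.

```php
<?php
// Added example; not code from the original snippet. Assumes the pdo_sqlite
// extension. The table, rows and inputs below are constructed for the demo.
declare(strict_types=1);

// SQL: the value travels as a bound parameter, never as part of the query
// text, so no quoting or escaping of the input is needed (or wanted) here.
function findUserByName(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// HTML: encode at output time, for the context the value is rendered into.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)');
$db->exec("INSERT INTO users (username) VALUES ('alice'), ('O''Reilly')");

// Constructed inputs: a legitimate name containing a quote, and a string that
// would change the WHERE clause if it were concatenated into the query text.
foreach (["O'Reilly", "' OR '1'='1"] as $input) {
    $row = findUserByName($db, $input);
    printf("lookup %-16s => %s\n", json_encode($input),
        $row === null ? 'no match' : 'found ' . $row['username']);
}

// The stored value is the real name; encoding happens only when it is shown.
$row = findUserByName($db, "O'Reilly");
echo '<td>' . e($row['username']) . "</td>\n";
```

The first lookup finds O'Reilly and the second finds nothing, because the bound string is compared as a literal username rather than parsed as SQL. The final echo emits the apostrophe as &#039;, so the encoding is done once, for the HTML context, and the database keeps clean data that other consumers (an API, a CSV export, a mail merge) can use without decoding.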

Initial URL

Initial Description

Initial Title
mysql injection on input

Initial Tags
mysql, php, textmate

Initial Language
Other