Revision: 3792
Initial Code
Initial URL
Initial Description
Initial Title
Initial Tags
Initial Language
at September 13, 2007 16:09 by lmcdougall
Initial Code
/* +-------------------------------------------------------------------+ |______________________The_Sterilizer_Function______________________| | PHP 5+ ONLY - Used to prevent SQLI and XSS attacks via user input | | | | 1 *REQUIRED* value, 1 <OPTIONAL> value to call this function: | | $input = User input string to be cleansed | | #is_sql = Boolean. Whether or not $input is a sql query | +-------------------------------------------------------------------+ | Example of use: | | $username = sterilize($_POST['username']); | | $query = "SELECT * FROM users WHERE username = '$username'"; | +-------------------------------------------------------------------+ */ function sterilize ($input, $is_sql = false) { $input = htmlentities($input, ENT_QUOTES); if(get_magic_quotes_gpc ()) { $input = stripslashes ($input); } if ($is_sql) { $input = mysql_real_escape_string ($input); } $input = strip_tags($input); $input = str_replace(" ", "\n", $input); return $input; }
Initial URL
Initial Description
Initial Title
mysql injection on input
Initial Tags
mysql, php, textmate
Initial Language
Other