Advanced Search

mysql injection on input

/ Published in: Other
Save to your folder(s)

Expand | Embed | Plain Text

Copy this code and paste it in your HTML 
  1. /*
  2. +-------------------------------------------------------------------+
  3. |______________________The_Sterilizer_Function______________________|
  4. | PHP 5+ ONLY - Used to prevent SQLI and XSS attacks via user input |
  5. |                                                                   |
  6. | 1 *REQUIRED* value, 1 <OPTIONAL> value to call this function:     |
  7. |   $input  = User input string to be cleansed                      |
  8. |   #is_sql = Boolean. Whether or not $input is a sql query         |
  9. +-------------------------------------------------------------------+
  10. | Example of use:                                                   |
  11. |   $username = sterilize($_POST['username']);                      |
  12. |   $query = "SELECT * FROM users WHERE username = '$username'";    |
  13. +-------------------------------------------------------------------+
  14. */
  15.  
  16. function sterilize ($input, $is_sql = false)
  17. {
  18.     $input = htmlentities($input, ENT_QUOTES);
  19.  
  20.     if(get_magic_quotes_gpc ())
  21.     {
  22.         $input = stripslashes ($input);
  23.     }
  24.  
  25.     if ($is_sql)
  26.     {
  27.         $input = mysql_real_escape_string ($input);
  28.     }
  29.  
  30.     $input = strip_tags($input);
  31.     $input = str_replace("
  32. ", "\n", $input);
  33.  
  34.     return $input;
  35. }

Report this snippet


Comments

RSS Icon Subscribe to comments

You need to login to post a comment.