Advanced Search

Sanitize (MySQL and XSS)

/ Published in: PHP
Save to your folder(s)
Just a small function to sanitize the user's input of any xss and sqli. I saw a lot of ones that didn't include htmlentities or htmlspecialchars, and were still vulnerable to persistent/reflected xss.

Expand | Embed | Plain Text

Copy this code and paste it in your HTML 
  1. function clean($a)
  2. {
  3. 	if(get_magic_quotes_gpc())
  4. 	{
  5. 		$a = stripslashes($a);
  6. 	}
  7. 	$a = mysql_real_escape_string($a);
  8.         $a = htmlentities($a);
  9. 	return $a;
  10. }

Report this snippet


Comments

RSS Icon Subscribe to comments

You need to login to post a comment.