MySQL Forums :: PHP :: Two useful functions(XSS/SQL injection).


Two useful functions(XSS/SQL injection).
Posted by: Yousha Alayoub
Date: October 09, 2009 01:40PM

Hi,
// Escapes quotes/backslashes and HTML-encodes selected $_SERVER values in place.
function Safe_HTTP_Header($Str_Charset= 'ISO-8859-1')
{
    $_SERVER['QUERY_STRING']= htmlentities(addslashes($_SERVER['QUERY_STRING']), ENT_COMPAT, $Str_Charset);
    $_SERVER['REQUEST_URI']= htmlentities(addslashes($_SERVER['REQUEST_URI']), ENT_COMPAT, $Str_Charset);
    $_SERVER['HTTP_USER_AGENT']= htmlentities(addslashes($_SERVER['HTTP_USER_AGENT']), ENT_COMPAT, $Str_Charset);
}

// Removes every character outside the allowed set for $Str_Type, then
// optionally truncates and HTML-encodes the result.
// The default type 'all' matches no case, so the input is not filtered.
function Safe_String($Str_Input, $Str_Type= 'all', $Str_Charset= 'ISO-8859-1', $Bln_SubStr= false, $Lng_MaximumLength= 0, $Bln_HTMLEntities= false)
{

    switch(strtolower($Str_Type)):
        case 'english':
        case 'e': $Str_Input= preg_replace('/[^a-zA-Z]/i', '', $Str_Input);
        break;

        case 'integer':
        case 'i': $Str_Input= preg_replace('/[^0-9+-]/i', '', $Str_Input);
        break;

        case 'number':
        case 'n': $Str_Input= preg_replace('/[^0-9+.\/-]/i', '', $Str_Input);
        break;

        case 'englishinteger':
        case 'ei': $Str_Input= preg_replace('/[^a-zA-Z0-9+-]/i', '', $Str_Input);
        break;

        case 'englishnumber':
        case 'en': $Str_Input= preg_replace('/[^a-zA-Z0-9+.\/-]/i', '', $Str_Input);
        break;

        case 'electronicmail':
        case 'em': $Str_Input= preg_replace('/[^a-zA-Z0-9.@_-]/i', '', $Str_Input);
        break;

        case 'file':
        case 'f': $Str_Input= preg_replace('/[^a-zA-Z0-9+_.-]/i', '', $Str_Input);
        break;

        case 'phone':
        case 'ph': $Str_Input= preg_replace('/[^0-9+]/i', '', $Str_Input);
        break;

        case 'internetprotocol':
        case 'ip': $Str_Input= preg_replace('/[^0-9.:]/i', '', $Str_Input);
        break;
    endswitch;

    // Truncate to $Lng_MaximumLength characters when requested.
    if($Bln_SubStr): $Str_Input= mb_substr($Str_Input, 0, $Lng_MaximumLength, $Str_Charset);
    endif;
    // HTML-encode the result when requested (ENT_COMPAT leaves single quotes as-is).
    if($Bln_HTMLEntities): $Str_Input= htmlentities($Str_Input, ENT_COMPAT, $Str_Charset);
    endif;
    unset($Bln_SubStr, $Bln_HTMLEntities);
    return($Str_Input);
}
Good luck. ;-)



Edited 1 time(s). Last edit at 10/12/2009 01:40AM by Yousha Alayoub.
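
An added example, not part of the original post: `addslashes()` is not charset-aware and HTML-encoding at input time changes the stored data, so this sketch handles each concern at its own boundary instead, with bound parameters for SQL, encoding at output, and validation that rejects rather than strips. It assumes the `pdo_sqlite` extension; the table, the helper names `require_int` and `html`, and the sample values are constructed for illustration.

```php
<?php
// Added example, not the original poster's code. Assumes pdo_sqlite;
// table, helper names and sample values are constructed for the demo.

// Validate instead of stripping: reject input that is not an integer in range.
function require_int(string $raw, int $min, int $max): int
{
    $value = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    if ($value === false) {
        throw new InvalidArgumentException('not an integer in range');
    }
    return $value;
}

// Encode for an HTML text or quoted-attribute context, at output time only.
function html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed sample input containing quote characters and markup.
$author = "O'Reilly";
$body   = '<b title="x">hi</b> it\'s me';

// Bound parameters: the values are never parsed as SQL, so nothing is
// escaped and the row holds exactly what was submitted.
$insert = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
$insert->execute([':author' => $author, ':body' => $body]);

$id = require_int('1', 1, PHP_INT_MAX);
$select = $pdo->prepare('SELECT author, body FROM comments WHERE id = :id');
$select->execute([':id' => $id]);
$row = $select->fetch(PDO::FETCH_ASSOC);

var_dump($row['body'] === $body);   // compares the stored row with the submitted value
echo html($row['author']), ': ', html($row['body']), PHP_EOL;

// The 'integer' filter above would reduce "12abc-3" to "12-3" and carry on;
// validation refuses the value instead.
try {
    require_int('12abc-3', 1, PHP_INT_MAX);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```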
