MySQL Forums

Two useful functions (XSS/SQL injection).
Posted by: Yousha Alayoub
Date: October 09, 2009 01:40PM

Hi,
function Safe_HTTP_Header($Str_Charset= 'ISO-8859-1')
{
    // Rewrites three request values in place: addslashes() for later use in SQL,
    // htmlentities() for later use in HTML output. Arguments are passed by value;
    // call-time pass-by-reference (&$var at the call site) is rejected by PHP 5.4+.
    $_SERVER['QUERY_STRING']= htmlentities(addslashes($_SERVER['QUERY_STRING']), ENT_COMPAT, $Str_Charset);
    $_SERVER['REQUEST_URI']= htmlentities(addslashes($_SERVER['REQUEST_URI']), ENT_COMPAT, $Str_Charset);
    $_SERVER['HTTP_USER_AGENT']= htmlentities(addslashes($_SERVER['HTTP_USER_AGENT']), ENT_COMPAT, $Str_Charset);
}

// Whitelist filter: every character outside the class for $Str_Type is removed.
// Optionally truncates to $Lng_MaximumLength characters and HTML-encodes the result.
function Safe_String($Str_Input, $Str_Type= 'all', $Str_Charset= 'ISO-8859-1', $Bln_SubStr= false, $Lng_MaximumLength= 0, $Bln_HTMLEntities= false)
{
    switch(strtolower($Str_Type)):
    case 'english':
    case 'e': $Str_Input= preg_replace('/[^a-zA-Z]/i', '', $Str_Input);
    break;

    case 'integer':
    case 'i': $Str_Input= preg_replace('/[^0-9+-]/i', '', $Str_Input);
    break;

    case 'number':
    case 'n': $Str_Input= preg_replace('/[^0-9+.\/-]/i', '', $Str_Input);
    break;

    case 'englishinteger':
    case 'ei': $Str_Input= preg_replace('/[^a-zA-Z0-9+-]/i', '', $Str_Input);
    break;

    case 'englishnumber':
    case 'en': $Str_Input= preg_replace('/[^a-zA-Z0-9+.\/-]/i', '', $Str_Input);
    break;

    case 'electronicmail':
    case 'em': $Str_Input= preg_replace('/[^a-zA-Z0-9.@_-]/i', '', $Str_Input);
    break;

    case 'file':
    case 'f': $Str_Input= preg_replace('/[^a-zA-Z0-9+_.-]/i', '', $Str_Input);
    break;

    case 'phone':
    case 'ph': $Str_Input= preg_replace('/[^0-9+]/i', '', $Str_Input);
    break;

    case 'internetprotocol':
    case 'ip': $Str_Input= preg_replace('/[^0-9.:]/i', '', $Str_Input);
    break;
    // any other type (including the default 'all') leaves the string unfiltered
    endswitch;

    if($Bln_SubStr): $Str_Input= mb_substr($Str_Input, 0, $Lng_MaximumLength, $Str_Charset);
    endif;
    if($Bln_HTMLEntities): $Str_Input= htmlentities($Str_Input, ENT_COMPAT, $Str_Charset);
    endif;
    unset($Bln_SubStr, $Bln_HTMLEntities);
    return($Str_Input);
}
Good luck. ;-)



Edited 1 time(s). Last edit at 10/12/2009 01:40AM by Yousha Alayoub.
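Added example, not part of the original post: the character-class filter above removes characters but does not validate a format, and addslashes()/htmlentities() applied to $_SERVER at request start are not tied to the context the value ends up in. The snippet below puts the same 'ip' character class next to a real validation step, escapes at output time, and uses a prepared statement instead of addslashes(); the sample values and the in-memory SQLite table are constructed for the example.

```php
<?php
// Added example: complements the post's Safe_String()/Safe_HTTP_Header() approach.
declare(strict_types=1);

// Same character class as the post's 'ip' case: strips anything but digits, '.', ':'.
function strip_ip_chars(string $input): string
{
    return preg_replace('/[^0-9.:]/', '', $input);
}

// Stripping is a filter, not validation: '999.999.999.999' survives the regex.
// filter_var() checks the actual address format and returns null on failure.
function validate_ip(string $input): ?string
{
    $candidate = strip_ip_chars($input);
    $ok = filter_var($candidate, FILTER_VALIDATE_IP);
    return $ok === false ? null : $ok;
}

// HTML encoding belongs at the point of output, with the output context's rules,
// rather than being written back into $_SERVER for the rest of the request.
function render_user_agent(string $ua): string
{
    return '<p>' . htmlspecialchars($ua, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

// SQL escaping belongs to the driver: a prepared statement sends the value apart
// from the SQL text, so addslashes() is unnecessary (and not charset-aware).
function find_visits_by_agent(PDO $db, string $ua): array
{
    $stmt = $db->prepare('SELECT id FROM visits WHERE user_agent = :ua');
    $stmt->execute([':ua' => $ua]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample inputs.
foreach (['192.168.1.10', '999.999.999.999', '10.0.0.1 extra', '::1'] as $s) {
    printf("%-16s strip -> %-16s validate -> %s\n",
        $s, strip_ip_chars($s), validate_ip($s) ?? 'rejected');
}

// In-memory SQLite stands in for MySQL so the example runs without a server.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE visits (id INTEGER PRIMARY KEY, user_agent TEXT)');
$ua = 'Mozilla/5.0 (X11) <b>sample</b>';
$ins = $db->prepare('INSERT INTO visits (user_agent) VALUES (:ua)');
$ins->execute([':ua' => $ua]);
var_dump(find_visits_by_agent($db, $ua)); // one matching id: the raw value was stored and matched
echo render_user_agent($ua), "\n";        // <b> arrives in the page as &lt;b&gt;
```

Run with `php example.php`; it needs the pdo_sqlite and mbstring-independent standard extensions only.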
