Two useful functions (XSS/SQL injection).
Hi,
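/**
 * Rewrite three request-derived entries of $_SERVER in place: each value is
 * passed through addslashes() and then htmlentities(ENT_COMPAT, $Str_Charset),
 * so that echoing them later does not inject HTML.
 *
 * Limits a caller must know about:
 *  - the superglobal is MUTATED, so any code that reads QUERY_STRING or
 *    REQUEST_URI after this call (routers, redirects, logging) sees the
 *    encoded text, not the original request;
 *  - addslashes() is not SQL-injection protection; use prepared statements
 *    and escape for the concrete output context instead of pre-encoding here;
 *  - entries that the request did not carry (HTTP_USER_AGENT is optional)
 *    are left untouched rather than created as empty strings.
 *
 * The original passed the arguments by call-time reference (&$_SERVER[...]),
 * which is a fatal error since PHP 5.4 and was never needed by these functions.
 *
 * @param string $Str_Charset charset handed to htmlentities()
 * @return void
 */
function Safe_HTTP_Header($Str_Charset= 'ISO-8859-1')
{
    $Arr_Keys= array('QUERY_STRING', 'REQUEST_URI', 'HTTP_USER_AGENT');
    foreach($Arr_Keys as $Str_Key)
    {
        // Skip absent entries: indexing them would raise a notice and
        // htmlentities(addslashes(null)) would silently invent ''.
        if(!isset($_SERVER[$Str_Key]))
        {
            continue;
        }
        $_SERVER[$Str_Key]= htmlentities(addslashes($_SERVER[$Str_Key]), ENT_COMPAT, $Str_Charset);
    }
}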
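/**
 * Strip $Str_Input down to a whitelist of characters chosen by $Str_Type,
 * then optionally truncate it and optionally HTML-encode it.
 *
 * The type patterns are CHARACTER whitelists, not format validators:
 * 'integer' keeps any mix of digits and signs ("1-2+3" passes), 'em' keeps
 * address characters without checking the address is well-formed, 'ip'
 * keeps digits/dots/colons without checking octet ranges, and 'file' removes
 * path separators but keeps dots (".." survives). Validate the format
 * separately when the value is used for anything security-relevant.
 *
 * 'all' — and ANY unrecognised type name, including a typo — applies no
 * character filtering at all; the value passes through unchanged unless
 * $Bln_SubStr / $Bln_HTMLEntities are set.
 *
 * The original passed every argument by call-time reference (&$var), which
 * is a fatal error since PHP 5.4; plain by-value calls give the same result.
 *
 * @param mixed  $Str_Input         value to clean (normally a request string)
 * @param string $Str_Type          long name or short alias of a whitelist:
 *                                  english/e, integer/i, number/n,
 *                                  englishinteger/ei, englishnumber/en,
 *                                  electronicmail/em, file/f, phone/ph,
 *                                  internetprotocol/ip; case-insensitive
 * @param string $Str_Charset       charset for mb_substr() and htmlentities()
 * @param bool   $Bln_SubStr        when true, truncate to $Lng_MaximumLength
 *                                  characters (0 yields an empty string)
 * @param int    $Lng_MaximumLength length used by the truncation
 * @param bool   $Bln_HTMLEntities  when true, encode with htmlentities(ENT_COMPAT);
 *                                  ENT_COMPAT leaves single quotes unencoded
 * @return mixed the cleaned value (a string for string input)
 */
function Safe_String($Str_Input, $Str_Type= 'all', $Str_Charset= 'ISO-8859-1', $Bln_SubStr= false, $Lng_MaximumLength= 0, $Bln_HTMLEntities= false)
{
    // Long type names resolve to their short alias; both are accepted.
    static $Arr_Aliases= array(
        'english'          => 'e',
        'integer'          => 'i',
        'number'           => 'n',
        'englishinteger'   => 'ei',
        'englishnumber'    => 'en',
        'electronicmail'   => 'em',
        'file'             => 'f',
        'phone'            => 'ph',
        'internetprotocol' => 'ip',
    );
    // Negated classes: every character NOT listed is removed. The classes
    // already spell out both letter cases, so no /i modifier is needed.
    static $Arr_Patterns= array(
        'e'  => '/[^a-zA-Z]/',
        'i'  => '/[^0-9+-]/',
        'n'  => '/[^0-9+.\/-]/',
        'ei' => '/[^a-zA-Z0-9+-]/',
        'en' => '/[^a-zA-Z0-9+.\/-]/',
        'em' => '/[^a-zA-Z0-9.@_-]/',
        'f'  => '/[^a-zA-Z0-9+_.-]/',
        'ph' => '/[^0-9+]/',
        'ip' => '/[^0-9.:]/',
    );

    $Str_Key= strtolower($Str_Type);
    if(isset($Arr_Aliases[$Str_Key]))
    {
        $Str_Key= $Arr_Aliases[$Str_Key];
    }
    // Unknown keys (including 'all') intentionally fall through unfiltered,
    // matching the original switch that had no default branch.
    if(isset($Arr_Patterns[$Str_Key]))
    {
        $Str_Input= preg_replace($Arr_Patterns[$Str_Key], '', $Str_Input);
    }

    if($Bln_SubStr)
    {
        $Str_Input= mb_substr($Str_Input, 0, $Lng_MaximumLength, $Str_Charset);
    }
    if($Bln_HTMLEntities)
    {
        $Str_Input= htmlentities($Str_Input, ENT_COMPAT, $Str_Charset);
    }
    return $Str_Input;
}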
Good luck. ;-)