Basic Data Securing

Secures all data available in $_POST and $_GET against XSS and SQL injection.
Of course, to run the clean() function the script must already be connected to a database, otherwise the mysql_real_escape_string() function will not work.
Usage:
Putting this snippet at the top of the page will do the job,
so we don't have to add the clean function to every single variable ourselves.

<?php
// cleaning function
// of course, the script must already be connected to a database:
// without a connection mysql_real_escape_string() returns false
function clean($data){
   // nested values (e.g. from name="tags[]") are cleaned recursively
   if( is_array( $data ) ){
      return array_map( 'clean', $data );
   }
   return mysql_real_escape_string( htmlentities( $data ) );
}
// start filtering $_POST and $_GET and secure any data within;
// the cleaned values are written back into the superglobals so code
// further down the page that reads them gets the escaped copies
foreach( $_POST as $key => $val )
{
   $_POST[ $key ] = clean( $val );
}
foreach( $_GET as $key => $val )
{
   $_GET[ $key ] = clean( $val );
}

  • http://www.alcidesramos.com AlcidesRC

    Hi,

    If you are using PHP5 (>= 5.2.0) you can make use of Filter functions, especially this one: filter_var_array, which gets multiple variables and optionally filters them.

    For more information, you can see the PHP reference guide: http://www.php.net/manual/en/function.filter-var-array.php

    Regards
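
As an added example, not code from the snippet or its commenters, this takes up AlcidesRC's filter_var_array() suggestion and shows the layering the snippet above collapses into one step: validate the request fields, bind the values as query parameters, and escape for HTML only at output. It assumes an in-memory SQLite database via PDO in place of the MySQL connection, and a constructed $request array in place of $_GET.

```php
<?php
// Added example (not the snippet author's code): validate the request
// with filter_var_array(), pass values to the database as bound
// parameters, and escape only when printing HTML.
// An in-memory SQLite database stands in for the MySQL connection.

// Whitelist of the fields this page expects, with a rule per field.
$definition = [
    'id'   => ['filter'  => FILTER_VALIDATE_INT,
               'options' => ['min_range' => 1]],
    'name' => ['filter'  => FILTER_DEFAULT,
               'flags'   => FILTER_REQUIRE_SCALAR],
];

// Constructed stand-in for $_GET; a real page would pass $_GET itself.
$request = ['id' => '7', 'name' => "O'Brien <b>", 'extra' => 'ignored'];

// Keys absent from the definition ('extra') are dropped; a value that
// fails its rule comes back as false, so reject the request early.
$input = filter_var_array($request, $definition, false);
if ($input['id'] === false) {
    http_response_code(400);
    exit('invalid id');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->prepare('INSERT INTO users (id, name) VALUES (?, ?)')
   ->execute([7, "O'Brien <b>"]);

// Bound parameters keep the value out of the SQL text entirely, so the
// quote in $input['name'] cannot change the statement's structure and
// no escaping of the stored value is needed.
$stmt = $db->prepare('SELECT name FROM users WHERE id = :id AND name = :name');
$stmt->execute([':id' => $input['id'], ':name' => $input['name']]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// Escape for HTML at output time only, so the database keeps the raw
// value and the same data can be reused in non-HTML contexts.
if ($row) {
    echo htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), "\n";
}
```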

  • Jonathan

    Some servers (with magic_quotes enabled) automatically addslashes the GET/POSTs, so I advise using the following if you're having that problem (otherwise you'd get double backslashes):

    $val )
    {
    $data[ $key ] = clean( $val );
    }
    ?>

    • Jonathan

      Hmm… it didn’t let me post the PHP -__-

      Here it is: http://pastebin.com/CR5wTKWq

  • http://www.budflick.com simon

    Is this working? I tried it on my development server and nothing happened. The SQL injections still get through.