Snippets

Basic Data Securing

Secures all data available in POST and GET against XSS and SQL injection.
To run the clean() function, the script must be connected to a database; otherwise mysql_real_escape_string() will not work.
Usage:
Putting this snippet at the top of the page will do the job,
so we don't have to apply the clean function to every single variable ourselves.

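// cleaning function
// the script must already be connected to a database: mysql_real_escape_string()
// needs an open link (ext/mysql, removed in PHP 7.0)
function clean($data){
   // parameters such as ?id[]=1 arrive as arrays; clean each element
   if (is_array($data)) {
      return array_map('clean', $data);
   }
   return mysql_real_escape_string( htmlentities( $data ) );
}
// start filtering $_POST, $_GET and secure any data within
// the cleaned values end up in $data; $_POST and $_GET themselves are unchanged
$data = array_merge($_POST, $_GET);
foreach( $data AS $key => $val )
{
   $data[ $key ] = clean( $val );
}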
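
An added example, not part of the original snippet: mysql_real_escape_string() only protects values placed inside quoted SQL string literals, and htmlentities() applied at input changes what gets stored, so this sketch handles each context where the value is used. It swaps in PDO with an in-memory SQLite database (assumes PHP 7+ with pdo_sqlite); the table, column and parameter names and the sample input are constructed for illustration.

```php
<?php
// Added example: validate at input, bind in SQL, encode at output.
// Table/column/parameter names are hypothetical; the input is constructed.
$input = ['id' => '7', 'name' => "O'Reilly & <b>Sons</b>"]; // stands in for $_POST / $_GET

// 1. Input: check type and range only; no escaping yet.
$valid = filter_var_array($input, [
    'id'   => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 1]],
    'name' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_LOW],
]);
// filter_var_array() yields false for a failed filter and null for a missing key.
if (!is_int($valid['id']) || !is_string($valid['name']) || $valid['name'] === '') {
    exit("invalid input\n");
}

// 2. SQL context: bound parameters keep user data out of the query text,
//    so quoted and unquoted (numeric) positions are handled the same way.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)');

$stmt = $db->prepare('INSERT INTO customers (id, name) VALUES (:id, :name)');
$stmt->execute([':id' => $valid['id'], ':name' => $valid['name']]);

$stmt = $db->prepare('SELECT name FROM customers WHERE id = :id');
$stmt->execute([':id' => $valid['id']]);
$stored = $stmt->fetchColumn();

// The database holds the value as the user sent it, without entities or backslashes.
var_dump($stored === $input['name']);

// 3. HTML context: encode at the moment of printing, quotes included,
//    with an explicit charset.
echo '<td>', htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), "</td>\n";

// For contrast: what a blanket input filter would have put in the database.
// addslashes() stands in for mysql_real_escape_string(), which needs a live MySQL link.
echo addslashes(htmlentities($input['name'])), "\n";
```

The last line shows the side effect of encoding at input: the stored name is no longer the name the user typed, so searches, exports and non-HTML outputs all see the entity-encoded form.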


Comments (4) - Leave yours

  1. AlcidesRC said:

    Hi,

    If you are using PHP5 (>= 5.2.0) you can make use of Filter functions, especially this one: filter_var_array, which gets multiple variables and optionally filters them.

    For more information, you can see the PHP reference guide: http://www.php.net/manual/en/function.filter-var-array.php

    Regards

  2. Jonathan said:

    Some servers (with magic_quotes enabled) automatically addslashes the GET/POSTs so I advise using the following if you’re having that problem (otherwise you’d get double backslashes):

    $val )
    {
    $data[ $key ] = clean( $val );
    }
    ?>
