woocha Posted August 17, 2008 Share Posted August 17, 2008 <?php function sanitize($value) { if(get_magic_quotes_gpc()) { $value = stripslashes($value); } else { $value = $value; } mysql_real_escape_string($value); return $value; }?> Its something I slapped together....do you guys think it makes good sense as a function? Link to comment https://forums.phpfreaks.com/topic/120106-does-this-look-right-for-a-decent-user-input-sanitizer/ Share on other sites More sharing options...
AdRock Posted August 17, 2008 Share Posted August 17, 2008 I got this from w3schools.com function check_input($value) { // Stripslashes if (get_magic_quotes_gpc()){ $value = stripslashes($value); } // Quote if not a number if (!is_numeric($value)){ $value = mysql_real_escape_string($value); } return $value; } Link to comment https://forums.phpfreaks.com/topic/120106-does-this-look-right-for-a-decent-user-input-sanitizer/#findComment-618746 Share on other sites More sharing options...
trq Posted August 17, 2008 Share Posted August 17, 2008 Numeric or not, your data should be escaped. Theres a fair bit of redundant code in there, but otherwise, it along with validation should be sufficient. <?php function sanitize($value) { if (get_magic_quotes_gpc()) { $value = stripslashes($value); } return mysql_real_escape_string($value); } ?> Link to comment https://forums.phpfreaks.com/topic/120106-does-this-look-right-for-a-decent-user-input-sanitizer/#findComment-618753 Share on other sites More sharing options...
woocha Posted August 17, 2008 Author Share Posted August 17, 2008 Theres a fair bit of redundant code in there OH DUH !! Thanks ...but other than that, you think this should be good for allowing users to login into and register to my site.....STRICTLY SPEAKING ABOUT SQL INJECTION, no other validations Link to comment https://forums.phpfreaks.com/topic/120106-does-this-look-right-for-a-decent-user-input-sanitizer/#findComment-618761 Share on other sites More sharing options...
trq Posted August 17, 2008 Share Posted August 17, 2008 Yeah. Of course you still need to validate your data is what you expect. Link to comment https://forums.phpfreaks.com/topic/120106-does-this-look-right-for-a-decent-user-input-sanitizer/#findComment-618762 Share on other sites More sharing options...
Stooney Posted August 17, 2008 Share Posted August 17, 2008 You could also expand on it to detect and sanitize entire arrays of data at once. I find that handy. Link to comment https://forums.phpfreaks.com/topic/120106-does-this-look-right-for-a-decent-user-input-sanitizer/#findComment-618793 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.