darkfreaks Posted December 11, 2008

Any takers?

```php
<?php
if(get_magic_quotes_gpc())
{
    //clean XSS/SQL injection
    function clean_post($var)
    {
        $var=strip_tags(trim(mysqli_real_escape_string($var)));
        $var=htmlspecialchars($var,ENT_QUOTES);
        return $var;
    }
    array_walk_recursive($_POST,'clean_post');
}
?>
```
mrdamien Posted December 11, 2008

```php
<?php
if(get_magic_quotes_gpc())
{
    //clean XSS/SQL injection
    function clean_post(&$var)
    {
        $var=strip_tags(trim(mysqli_real_escape_string($var)));
        $var=htmlspecialchars($var,ENT_QUOTES);
    }
    array_walk_recursive($_POST,'clean_post');
}
?>
```

Also, make sure get_magic_quotes_gpc() is not returning false.
PFMaBiSmAd Posted December 11, 2008

It would probably be worth your time to read the php manual section for the mysqli_real_escape_string() function - http://us.php.net/manual/en/mysqli.real-escape-string.php

The procedural style usage requires the link identifier as the first parameter. The second parameter is the string.

If you were developing php code and debugging php code on a system with error_reporting set to E_ALL and display_errors set to ON, there would have been an error reporting concerning the incorrect parameters that would have probably allowed you to solve at least that part of the problem yourself.
darkfreaks Posted December 11, 2008

Modified with mysql instead of mysqli:

```php
<?php
//clean XSS/SQL injection
function clean_post($var)
{
    $var=strip_tags(trim(mysql_real_escape_string($var)));
    $var=htmlspecialchars($var,ENT_QUOTES);
    return $var;
}
array_walk_recursive($_POST,'clean_post');
?>
```
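Added example, not written by any poster in this thread: it runs the by-value callback shape from the first post and the by-reference shape from the reply over the same constructed array, and reports which leaf values each one actually changed. The sample array and the `changed_leaves()` helper are hypothetical, and the SQL escaping call is left out because it needs a live database link (the first parameter in procedural mysqli, as noted above).

```php
<?php
// Constructed stand-in for $_POST; nested so array_walk_recursive has to descend.
$post = [
    'name'    => "  <b>Bob</b> O'Neil ",
    'comment' => '<script>x</script>hello',
    'tags'    => ['a & b', ' <i>x</i> '],
];

// Callback shaped like the first post: it works on a copy and returns the
// result, but array_walk_recursive ignores callback return values.
function clean_by_value($var)
{
    $var = htmlspecialchars(strip_tags(trim($var)), ENT_QUOTES);
    return $var;
}

// Callback shaped like the reply: &$var is the array element itself.
function clean_by_ref(&$var)
{
    $var = htmlspecialchars(strip_tags(trim($var)), ENT_QUOTES);
}

// Hypothetical helper: pair up leaf values that differ between two arrays
// of identical shape.
function changed_leaves(array $before, array $after)
{
    $flatBefore = [];
    array_walk_recursive($before, function ($v) use (&$flatBefore) { $flatBefore[] = $v; });
    $flatAfter = [];
    array_walk_recursive($after, function ($v) use (&$flatAfter) { $flatAfter[] = $v; });
    $changed = [];
    foreach ($flatBefore as $i => $v) {
        if ($v !== $flatAfter[$i]) { $changed[] = [$v, $flatAfter[$i]]; }
    }
    return $changed;
}

$byValue = $post;
array_walk_recursive($byValue, 'clean_by_value');
$byRef = $post;
array_walk_recursive($byRef, 'clean_by_ref');

echo "by value, changed leaves: ", count(changed_leaves($post, $byValue)), "\n";
echo "by reference, changed leaves: ", count(changed_leaves($post, $byRef)), "\n";
foreach (changed_leaves($post, $byRef) as [$old, $new]) {
    echo var_export($old, true), " => ", var_export($new, true), "\n";
}
```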