
function for cleaning input data.


fantomel


I needed a function for cleaning input data, and I'm not the best at PHP security; I just started to learn about it, so I need some advice and corrections.

function cleanInput($string){
    return nl2br(htmlspecialchars(strip_tags(trim(urldecode($string)))));
}

Should I add anything else to this function?

On each insert into MySQL I add mysql_real_escape_string.

https://forums.phpfreaks.com/topic/206329-function-for-cleaning-input-data/

You shouldn't really find every function you can and stuff it into a sanitization function.

MySQL injection is really easy to protect against:

$name = mysql_real_escape_string($name);

For form data, you have to worry about JavaScript injection (XSS attacks), so you don't display malicious JavaScript that someone put in as their name, etc.

$sanitized = htmlentities($input);

Also, form data should be specifically sanitized (e.g. an email address, or a name that must only contain alphabetic characters, etc.).

if(!preg_match("/^[a-z ]+$/i",$name)){
    echo("Name can only contain Alphabet characters and Spaces");
}

Hope this helps,

-cb-
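The three separate concerns in the reply above (validate the field, escape for SQL, escape for HTML at output) kept apart in one runnable script; this is an added example, not code from the thread or from either poster. It assumes PHP 7.4+ with the pdo_sqlite extension, and the `users` table and the sample submissions are constructed here for the demo.

```php
<?php
// Added example (not from the thread): the reply's three concerns kept
// separate instead of stacked into one catch-all function:
//   1. validate each field against what it is allowed to contain,
//   2. pass values to SQL as prepared-statement parameters, stored unmodified,
//   3. escape for HTML only at the moment the value is written into a page.
// Runs offline against an in-memory SQLite database via PDO (assumed available).

function validateName(string $name): ?string {
    $name = trim($name);
    // the reply's rule (letters and spaces only), with an upper length bound added
    return preg_match('/^[a-z ]{1,60}$/i', $name) ? $name : null;
}

function validateEmail(string $email): ?string {
    return filter_var(trim($email), FILTER_VALIDATE_EMAIL) ?: null;
}

function insertUser(PDO $db, string $name, string $email, string $bio): int {
    // values travel separately from the SQL text, so quotes or comment markers
    // in $bio cannot change the statement; nothing is escaped before storage
    $stmt = $db->prepare('INSERT INTO users (name, email, bio) VALUES (?, ?, ?)');
    $stmt->execute([$name, $email, $bio]);
    return (int) $db->lastInsertId();
}

function renderRow(array $row): string {
    // output escaping chosen for the HTML context; JSON or a shell would need a different encoder
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return '<tr><td>' . $e($row['name']) . '</td><td>' . $e($row['email'])
         . '</td><td>' . $e($row['bio']) . "</td></tr>\n";
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT, bio TEXT)');

$submissions = [ // constructed input, standing in for $_POST
    ['name' => 'Jane Doe', 'email' => 'jane@example.com', 'bio' => "Likes <b>PHP</b> & O'Reilly books"],
    ['name' => '<script>alert(1)</script>', 'email' => 'nobody', 'bio' => ''],
];
foreach ($submissions as $s) {
    $name  = validateName($s['name']);
    $email = validateEmail($s['email']);
    if ($name === null || $email === null) {
        echo "rejected: name or email did not match the field rules\n";
        continue;
    }
    insertUser($db, $name, $email, mb_substr($s['bio'], 0, 500)); // length cap only; text kept as typed
}
foreach ($db->query('SELECT name, email, bio FROM users') as $row) {
    echo renderRow($row);
}
```

The second submission is rejected by validation before it reaches the database, and the first row's `<b>` and `'` are stored as typed but come out as `&lt;b&gt;` and `&#039;` in the rendered table.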

Here you go:

 

<?php
function clean($value)
{
	if (is_array($value))
	{
		foreach($value as $k => $v)
		{
			$value[$k] = clean($v);
		}
	}
	else
	{
		if(get_magic_quotes_gpc() == 1)
		{
			$value = stripslashes($value);
		}

		$value = trim(htmlspecialchars($value, ENT_QUOTES, "utf-8")); //convert input into friendly characters to stop XSS
		$value = mysql_real_escape_string($value);
	}
   
	return $value;
}
?>

I've read so many tutorials about PHP security on forms and stuff like that, that I think in the end I got lost.

Thank you everyone for your response.

@ChemicalBliss I always do a preg_match on fields from forms according to what they have to do: a-zA-Z or only numbers, depends :D

Again, thank you everyone for your responses.
