I needed a function for cleaning input data, and I'm not the best at PHP security. I just started to learn about it, so I need some advice and corrections.

function cleanInput($string){
    // trim whitespace, URL-decode, strip HTML tags, escape the remaining
    // special characters, then turn newlines into <br /> tags
    return nl2br(htmlspecialchars(strip_tags(trim(urldecode($string)))));
}

Should I add anything else to this function?

On each insert into MySQL I add mysql_real_escape_string.

https://forums.phpfreaks.com/topic/206329-function-for-cleaning-input-data/

You shouldn't really find every function you can and stuff it into a sanitization function.

MySQL injection is really easy to protect against:

$name = mysql_real_escape_string($name); // escape the value for use inside a quoted MySQL string literal

For form data, you have to worry about JavaScript injection (XSS attacks), so that you don't display malicious JavaScript someone put in as their name, etc.

$sanitized = htmlentities($input); // encode HTML special characters before the value is displayed

Also, form data should be specifically sanitized (like an email address, and a name must only contain alphabetic characters, etc.).

// reject the name unless it consists only of letters and spaces (case-insensitive)
if(!preg_match("/^[a-z ]+$/i",$name)){
   echo("Name can only contain Alphabet characters and Spaces");
}

Hope this helps,

-cb-

Here you go:

<?php
function clean($value)
{
	if (is_array($value))
	{
		// recurse so nested form arrays are cleaned element by element
		foreach ($value as $k => $v)
		{
			$value[$k] = clean($v);
		}
	}
	else
	{
		// undo the backslashes PHP adds when magic_quotes_gpc is on,
		// so the value is not escaped twice below
		if (get_magic_quotes_gpc() == 1)
		{
			$value = stripslashes($value);
		}

		$value = trim(htmlspecialchars($value, ENT_QUOTES, "utf-8")); //convert input into friendly characters to stop XSS
		// escape for use inside a quoted MySQL string literal; needs an open mysql_connect() link
		$value = mysql_real_escape_string($value);
	}

	return $value;
}
?>
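An added example, not code posted in this thread, that puts the first reply's advice into practice (validate each field, escape for SQL, and escape for HTML as three separate steps) and shows why a single catch-all clean() like the one above double-encodes data. It assumes a PHP 7.4+ CLI with the pdo_sqlite extension: an in-memory SQLite database stands in for MySQL, and PDO bound parameters are used in place of mysql_real_escape_string (which needs a live MySQL link). All form submissions in it are constructed.

```php
<?php
// Added example (not from the thread). Assumptions: PHP 7.4+ with pdo_sqlite;
// SQLite stands in for MySQL; bound parameters replace mysql_real_escape_string.

// 1. Validation: per-field rules, applied when the request arrives.
function validateName(string $name): ?string
{
    $name = trim($name);
    // Variant of the reply's regex: letters, spaces, apostrophes and hyphens, 1-60 chars.
    return preg_match("/^[a-z' -]{1,60}$/i", $name) === 1 ? $name : null;
}

function validateEmail(string $email): ?string
{
    $email = trim($email);
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false ? $email : null;
}

// 2. Storage: the value is bound as a parameter and never spliced into the SQL
//    text, so an apostrophe in a name cannot alter the statement. Nothing is
//    HTML-escaped at this stage; the database keeps the raw value.
function storeUser(PDO $db, string $name, string $email): int
{
    $stmt = $db->prepare('INSERT INTO users (name, email) VALUES (:name, :email)');
    $stmt->execute([':name' => $name, ':email' => $email]);
    return (int) $db->lastInsertId();
}

// 3. Output: escape for the HTML context at the moment of output.
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// What a catch-all clean() causes: the value was HTML-escaped once on the way
// into the database, then escaped again on output, so the page shows the
// entity text instead of the apostrophe.
function doubleEscaped(string $value): string
{
    $storedByCleanAll = htmlspecialchars($value, ENT_QUOTES, 'UTF-8'); // at input time
    return html($storedByCleanAll);                                    // again at output time
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');

// Constructed submissions: one legitimate name containing a quote, two that must be rejected.
$submissions = [
    ['name' => "O'Brien",                   'email' => 'obrien@example.com'],
    ['name' => '<script>alert(1)</script>', 'email' => 'x@example.com'],
    ['name' => 'Ada Lovelace',              'email' => 'not-an-email'],
];

foreach ($submissions as $form) {
    $name  = validateName($form['name']);
    $email = validateEmail($form['email']);
    if ($name === null || $email === null) {
        echo 'rejected: name=' . var_export($form['name'], true)
           . ' email=' . var_export($form['email'], true) . "\n";
        continue;
    }
    echo 'stored id ' . storeUser($db, $name, $email) . "\n";
}

// Read back: the database holds the raw apostrophe; only the HTML view is escaped.
foreach ($db->query('SELECT name FROM users') as $row) {
    echo 'db:   ' . $row['name'] . "\n";
    echo 'html: ' . html($row['name']) . "\n";
}
echo 'double-escaped: ' . doubleEscaped("O'Brien") . "\n";
```

Run it with `php example.php`. The first submission is stored and rendered with the apostrophe encoded once; the other two never reach the database because validation rejects them, which is the reply's "specifically sanitized" step. The last line shows the artefact you get when HTML escaping is done at input time and again at output time, which is the practical reason to keep storage and display escaping separate.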

I've read so many tutorials about PHP security on forms and stuff like that, that I think in the end I got lost.

Thank you everyone for your responses.

@ChemicalBliss I always do a preg_match on fields from forms according to what they have to do: a-zA-Z or only numbers, it depends :D

Again, thank you everyone for your responses.
