bamfon Posted June 29, 2013

Well, I am now getting around to updating some of the CMS that I have done, and I wanted to know what the thoughts are on the user filtering below. Is there anything I could do to make it better, or would it do its job fine as it is with no need to update?

<?php
// cleaning the user input against SQL attack
// $link is the open mysqli connection; mysqli_real_escape_string() requires it
function nice_escape($link, $unescapedString)
{
    // undo magic quotes if the server still has them enabled
    if (get_magic_quotes_gpc()) {
        $unescapedString = stripslashes($unescapedString);
    }
    $unescapedString = strip_tags($unescapedString);
    $semiEscapedString = mysqli_real_escape_string($link, $unescapedString);
    // also escape the LIKE wildcards % and _
    $escapedString = addcslashes($semiEscapedString, "%_");
    return $escapedString;
}

// turns \% and \_ back into % and _
function nice_output($escapedString)
{
    $patterns = array();
    $patterns[0] = '/\\\%/';
    $patterns[1] = '/\\\_/';
    $replacements = array();
    $replacements[0] = '%';
    $replacements[1] = '_';
    $output = preg_replace($patterns, $replacements, $escapedString);
    return $output;
}

function cleanup($link, $string)
{
    $out = nice_output(nice_escape($link, $string));
    return $out;
}
?>

Strider64 Posted June 29, 2013

magic quotes, run for the hills.....

bamfon (Author) Posted June 29, 2013

> magic quotes, run for the hills.....

If you looked at the coding, all it's doing is checking if it's on and then running "stripslashes" if it's on. I turn it off, but others that may use my CMS might not.
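
For comparison with the filter in the first post, an added example (not code from any poster in this thread) that stores the input unchanged through a bound parameter, escapes `%` and `_` only where the value is used in a `LIKE` pattern, and encodes for HTML at output time instead of calling `strip_tags()` on the way in. Assumptions: PDO with an in-memory SQLite database stands in for the CMS's MySQL connection so the script runs offline, and the `pages` table and all function names are hypothetical.

```php
<?php
// Added example, not the poster's code. PDO + in-memory SQLite is an assumption
// standing in for the CMS's MySQL connection; table and function names are hypothetical.

// Escape LIKE metacharacters so user text matches literally; '!' is the ESCAPE character.
function like_literal(string $term): string
{
    return str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
}

// Store the input untouched: a bound parameter never becomes part of the SQL text.
function add_page(PDO $db, string $title): void
{
    $stmt = $db->prepare('INSERT INTO pages (title) VALUES (?)');
    $stmt->execute([$title]);
}

// Substring search in which % and _ typed by the user are not wildcards.
function find_pages(PDO $db, string $term): array
{
    $stmt = $db->prepare("SELECT title FROM pages WHERE title LIKE ? ESCAPE '!'");
    $stmt->execute(['%' . like_literal($term) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Encode for the HTML context when printing, rather than strip_tags() before storage.
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT NOT NULL)');

// Constructed sample input: a quote, markup, and LIKE metacharacters.
foreach (["O'Reilly <b>50%</b> off", '50 items', 'snake_case', 'snakeXcase'] as $title) {
    add_page($db, $title);
}

// The user's % and _ are matched as literal characters in both searches.
print_r(find_pages($db, '50%'));
print_r(find_pages($db, 'e_c'));
// The stored markup is printed as text, not interpreted as HTML.
echo html(find_pages($db, "O'R")[0]), "\n";
```

The same pattern applies with mysqli prepared statements; the `ESCAPE '!'` clause avoids depending on how the server treats backslashes inside string literals.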