uwannadonkey
Posted August 9, 2007

My friend gave me this, and I'm not sure exactly what it does. Can anyone help?

    function cleanall()
    {
        foreach($_POST as $key => $val)//For every post
        {
            $_POST[$key] = stripslashes(strip_tags(htmlspecialchars($val, ENT_QUOTES)));
            $$key = stripslashes(strip_tags(htmlspecialchars($val, ENT_QUOTES)));
        }
        foreach($_GET as $key => $val)//For every get
        {
            $_GET[$key] = stripslashes(strip_tags(htmlspecialchars($val, ENT_QUOTES)));
            $$key = stripslashes(strip_tags(htmlspecialchars($val, ENT_QUOTES)));
        }
        foreach($_SESSION as $key => $val)//For every session
        {
            $_SESSION[$key] = stripslashes(strip_tags(htmlspecialchars($val, ENT_QUOTES)));
            $$key = stripslashes(strip_tags(htmlspecialchars($val, ENT_QUOTES)));
        }
        foreach($_COOKIE as $key => $val)//For every cookie
        {
            $_COOKIE[$key] = stripslashes(strip_tags(htmlspecialchars($val, ENT_QUOTES)));
            $$key = stripslashes(strip_tags(htmlspecialchars($val, ENT_QUOTES)));
        }
    }

He said it helps against some hackers, is that true?

Link to comment: https://forums.phpfreaks.com/topic/64096-unclear-code/

MadTechie
Posted August 9, 2007

It filters out special characters used for injection. It filters cookies, sessions, posts & gets.

Link to comment: https://forums.phpfreaks.com/topic/64096-unclear-code/#findComment-319416

wildteen88
Posted August 9, 2007

You should only need to clean variables coming from the client; this will be _GET, _POST and _COOKIE. Session data shouldn't need to be escaped as that is set within the script. Also I'd remove these lines:

    $$key = stripslashes(strip_tags(htmlspecialchars($val, ENT_QUOTES)));

Link to comment: https://forums.phpfreaks.com/topic/64096-unclear-code/#findComment-319435
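
As an added example that is not part of the original thread: a version of the function that applies the last reply's advice (client input only, no `$$key` lines), returns cleaned copies instead of overwriting the superglobals, and copes with array-valued parameters. The function names `clean_value` and `clean_client_input` and the sample request data are assumptions made for this illustration.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

/**
 * Apply the thread's filter chain to one value.
 * Array-valued parameters (e.g. tags[]=a&tags[]=b) are cleaned element by
 * element; the original passes them straight to htmlspecialchars(), which
 * only accepts strings.
 */
function clean_value($val)
{
    if (is_array($val)) {
        // array_map() with a single array preserves its keys.
        return array_map('clean_value', $val);
    }
    // Same order as the original. strip_tags() finds no tags at this point,
    // because htmlspecialchars() has already encoded '<' and '>'.
    return stripslashes(strip_tags(htmlspecialchars((string) $val, ENT_QUOTES)));
}

/**
 * Clean only what the client controls: GET, POST and COOKIE.
 * $_SESSION is left alone, and no $$key variables are created: inside a
 * function they would only be locals that disappear when it returns.
 */
function clean_client_input(array $get, array $post, array $cookie)
{
    return [
        'get'    => clean_value($get),
        'post'   => clean_value($post),
        'cookie' => clean_value($cookie),
    ];
}

// Constructed sample request data (stands in for $_GET, $_POST, $_COOKIE).
$get    = ['q' => '<b>bold</b> & "quoted"'];
$post   = ['name' => "O\\'Reilly", 'tags' => ['<i>a</i>', 'b']];
$cookie = ['theme' => 'dark'];

$clean = clean_client_input($get, $post, $cookie);
print_r($clean);
```

The cleaned values are HTML-encoded text, suitable for echoing into a page. Values that go into a database query still need parameter binding or the database driver's own escaping.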
Archived
This topic is now archived and is closed to further replies.