drisate Posted February 22, 2008 Share Posted February 22, 2008 Hey guys i was wandering if you could share an easy global output/imput filtrer for $_POST $_GET and $_REQUEST Something i can use at the bigining of my script that will protect the page from any xss or what so ever ... Quote Link to comment Share on other sites More sharing options...
uniflare Posted February 22, 2008 Share Posted February 22, 2008 since filtering external data is entirely dependent on how or why your using it there is no completely global and safe way of doing what you ask. since there is no way to determine wether your going to need specific characters to remain intact (ie, if you want a user to submit raw html/php code etc - not a good idea but sometimes needed). this is the only way i found that matches your request (any html entities will be converted) <?php $rcount = count($_REQUEST); $rKeys = array_keys($_REQUEST); for($i=0;$i<$rcount;$i++){ $b4 = $_REQUEST[$rKeys[$i]]; $_REQUEST[$rKeys[$i]] = htmlentities($_REQUEST[$rKeys[$i]]); $SAFE_REQUEST[$rKeys[$i]] = htmlentities($_REQUEST[$rKeys[$i]]); } print_r($SAFE_REQUEST['test']); ?> this will use htmlentities() on every request variable, for more information on what htmlentities does visit http://uk2.php.net/manual/en/function.htmlentities.php hope this helps, Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.