XSS Attacks Prevention


kkonline

8:12 am on Aug 17, 2007 (gmt 0)

10+ Year Member



I searched and got a safehtml script at <snip>. Do you know how to implement it in the forms, and does anybody know how secure it is?

Any other software/script which does form cleaning of user data and prevents all sorts of attacks?

Also I am looking for something which filters the users' data for !@#$%^&*() and many more. Is there a software/script that does it all and cleans the variables, or do I have to use htmlentities(), strip_tags(), escape-character functions, strip and addslashes() on each of the user inputs?

Will using the above functions corrupt legitimate data inputs? Are there any precautions? For example, someone told me not to use stripslashes after you extract data from the db, and also not to use htmlentities() and htmlspecialchars() as they are specific to encoding and will create some problems in the search from the db.

So please tell me which functions in PHP are acceptable while storing and which are acceptable while extracting and displaying the data. Any exceptions, please discuss.

Any standard all-in-one function through which I pass all my variables before adding to the db and after extracting from the db?

[edited by: dreamcatcher at 2:37 pm (utc) on Aug. 17, 2007]
[edit reason] No URLs as per T.O.S. [webmasterworld.com]. Thanks [/edit]

kkonline

11:48 am on Aug 17, 2007 (gmt 0)

10+ Year Member



Hi, I am conducting some XSS tests with the following code:


function sql_safe($value)
{
    // If magic_quotes_gpc is on, PHP has already added backslashes to the
    // request data; remove them so the value is not escaped twice.
    // (get_magic_quotes_gpc() and mysql_real_escape_string() only exist in
    // PHP 5; both are gone in PHP 7 and later.)
    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    // Clean and escape in every case: returning right after stripslashes()
    // would leave the value unescaped whenever magic quotes are on.
    $value = trim($value);
    $value = strip_tags($value);
    $value = htmlentities($value);
    // Needs an open mysql_connect() link, otherwise it returns false.
    $value = mysql_real_escape_string($value);
    // this could all be done on one line, but for simplicity I separated it all
    return $value;
}

But it doesn't seem to work FULLY... so any additions or modifications to the above code? Or some other suggestions?
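One way to split the work both posts ask about, as an added example that is not from this thread: normalise once on input, store the raw text with a prepared statement instead of escaping it, and escape at display time for the HTML context. It assumes PDO with the sqlite driver (an in-memory table stands in for the real database) and the function names are my own.

```php
<?php
// Added example, not from the thread. Assumes PDO with the sqlite driver.
declare(strict_types=1);

// Step 1: normalise raw request data only. Undo magic_quotes if a legacy
// server added slashes (the setting was removed in PHP 5.4); never add
// slashes or HTML-encode at this stage, or searches against the db break.
function normalize_input(string $value): string
{
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return trim($value);
}

// Step 2: storing. A prepared statement sends the value as a parameter, so
// quotes, backslashes and semicolons in it cannot change the SQL.
function store_comment(PDO $db, string $text): int
{
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $text]);
    return (int) $db->lastInsertId();
}

function load_comment(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Step 3: escape when displaying, for the HTML context. ENT_QUOTES covers
// both quote characters; the charset must match the page's Content-Type,
// which is the encoding problem the question mentions with htmlentities().
function render_html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed sample input containing the characters the question lists.
$raw    = "  O'Neil said <b>\"hi\"</b> & left; 100% \\done  ";
$id     = store_comment($db, normalize_input($raw));
$stored = load_comment($db, $id);
if ($stored !== trim($raw)) {
    throw new RuntimeException('stored text was altered');
}
echo render_html($stored), "\n";
```

The stored row still holds the user's original characters, so a LIKE search works on what they typed, while the echoed value is inert in the browser.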