Two useful functions (XSS/SQL injection).

Discussion in 'PHP' started by Y.P.Y, Oct 9, 2009.

  1. #1
    Hi,
    
    PHP:
    
    // Character whitelist filter: strips anything outside the set chosen by $Str_Type.
    // It rewrites bad input rather than rejecting it, the default type 'all' applies
    // no filter at all, and ENT_COMPAT leaves single quotes unencoded, so on its own
    // it is not a complete XSS defence.
    function Safe_String($Str_Input, $Str_Type = 'all', $Str_Charset = 'ISO-8859-1', $Bln_HTMLEntities = false, $Bln_SubStr = false, $Lng_MaximumLength = 0)
    {
        switch (strtolower($Str_Type)):
            case 'english':
            case 'e':  $Str_Input = preg_replace('/[^a-zA-Z]/', '', $Str_Input);
            break;
    
            case 'integer':
            case 'i':  $Str_Input = preg_replace('/[^0-9+-]/', '', $Str_Input);
            break;
    
            case 'number':
            case 'n':  $Str_Input = preg_replace('/[^0-9+.\/-]/', '', $Str_Input);
            break;
    
            case 'englishinteger':
            case 'ei': $Str_Input = preg_replace('/[^a-zA-Z0-9+-]/', '', $Str_Input);
            break;
    
            case 'englishnumber':
            case 'en': $Str_Input = preg_replace('/[^a-zA-Z0-9+.\/-]/', '', $Str_Input);
            break;
    
            case 'electronicmail':
            case 'em': $Str_Input = preg_replace('/[^a-zA-Z0-9@_.-]/', '', $Str_Input);
            break;
    
            case 'file':
            case 'f':  $Str_Input = preg_replace('/[^a-zA-Z0-9+_.-]/', '', $Str_Input);
            break;
    
            case 'phone':
            case 'ph': $Str_Input = preg_replace('/[^0-9+]/', '', $Str_Input);
            break;
    
            case 'internetprotocol':
            case 'ip': $Str_Input = preg_replace('/[^0-9.:]/', '', $Str_Input);
            break;
        endswitch;
    
        // Optional truncation to $Lng_MaximumLength characters in the given charset.
        if ($Bln_SubStr):
            $Str_Input = mb_substr($Str_Input, 0, $Lng_MaximumLength, $Str_Charset);
        endif;
    
        // Optional HTML encoding for output into an HTML body.
        if ($Bln_HTMLEntities):
            $Str_Input = htmlentities($Str_Input, ENT_COMPAT, $Str_Charset);
        endif;
    
        return $Str_Input;
    }
    
    PHP:
    
    // Escapes a value for interpolation into a MySQL statement. With magic_quotes_gpc
    // on, the input already carries backslashes, so they are removed first to avoid
    // escaping twice. mysql_real_escape_string() needs an open connection and honours
    // its charset; mysql_escape_string() is the connection-less fallback. Both the
    // mysql_* extension and magic quotes are gone in PHP 7, where prepared statements
    // (PDO or mysqli) do this job without any escaping function.
    function Safe_SQL($Str_Input)
    {
        if (get_magic_quotes_gpc()):
            $Str_Input = stripslashes($Str_Input);
        endif;
    
        if (function_exists('mysql_real_escape_string')):
            $Str_Input = mysql_real_escape_string($Str_Input);
        else:
            $Str_Input = mysql_escape_string($Str_Input);
        endif;
    
        return $Str_Input;
    }
    
    Good luck. ;-)
     
    Y.P.Y, Oct 9, 2009 IP
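A safer shape for the same three jobs (input checking, HTML output, SQL), as an added example that is not code from the thread: it rejects invalid input instead of rewriting it, encodes with ENT_QUOTES, and binds SQL parameters so no escaping function is involved. The function names are my own, and it assumes PHP 7.1+ with the pdo_sqlite extension.

```php
<?php
// Added example, not code from the thread. validate_input, html_out and
// find_user are assumed names; assumes PHP 7.1+ with pdo_sqlite available.

// Validate and reject instead of rewriting. Safe_String(..., 'ip') turns
// "1.2.3.4; DROP" into "1.2.3.4" and "a.b.c.d" into "...", and passes both.
function validate_input(string $value, string $type)
{
    switch ($type) {
        case 'integer': return filter_var($value, FILTER_VALIDATE_INT);   // int|false
        case 'email':   return filter_var($value, FILTER_VALIDATE_EMAIL); // string|false
        case 'ip':      return filter_var($value, FILTER_VALIDATE_IP);    // string|false
        default:        throw new InvalidArgumentException("unknown type: $type");
    }
}

// HTML output encoding with ENT_QUOTES, so single-quoted attribute values are
// covered too; ENT_COMPAT (as used in Safe_String) leaves ' untouched.
function html_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// SQL: a bound parameter never becomes part of the statement text, so neither
// an escaping function nor any magic_quotes guesswork is needed.
function find_user(PDO $db, string $email): ?array
{
    $stmt = $db->prepare('SELECT id, email FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample inputs: a non-integer, an over-long IP, a valid address,
// a value containing a quote and a tag, and a quoted value passed to SQL.
var_dump(validate_input('12abc', 'integer'));
var_dump(validate_input('1.2.3.4.5', 'ip'));
var_dump(validate_input('a@b.co', 'email'));
echo html_out("Tom's <script>"), PHP_EOL;

$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT)');
$db->exec("INSERT INTO users (email) VALUES ('a@b.co')");
var_dump(find_user($db, "O'Reilly"));  // the quote is plain data, no syntax error
var_dump(find_user($db, 'a@b.co'));
```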
  2. kbluhm

    #2
    I went to rate this thread a 1, but apparently accidentally rated it a 5. :x

    I wouldn't really recommend using these two functions; their output is extremely unpredictable.
     
    kbluhm, Oct 9, 2009 IP
  3. JAY6390

    #3
    I think it's an error with the forum. This was rated by the OP (as was the other one), and when I go to either, both have a 5 rating and say I've already rated it when I've done anything but...
     
    JAY6390, Oct 10, 2009 IP
  4. kbluhm

    #4
    Phew, it's not just me then. I was certain I'd not rated a 5.
     
    kbluhm, Oct 10, 2009 IP
  5. JAY6390

    #5
    Haha, when I first did it I was like WTF! I wouldn't rate this a five. Even a 2 would be too much ;)
     
    JAY6390, Oct 10, 2009 IP