"Cleaning" POST/GET form variables [message #39457] |
Wed, 24 October 2007 02:43 |
|
esm2002
Messages: 339 Registered: May 2002 Location: Atlanta Georgia
Karma:
|
Senior Member |
|
|
I somehow came by the following code. Not sure if someone sent it to me or I copied it some years ago and forgot about it.
what little info I have on it is that it "cleans" POST/GET variables from a form.
I did read and article by Ilia last year sometime about security and I guess that is my question.
While I have only a passing acquaintance with mysql injection and cross site scripting (hopefully, those are the right terms), does the below code provide security from those problems...???
<?php
function sGaddSlashes($arr)
{
foreach($arr as $_Key)
{
if( is_array($GLOBALS[$_Key]) )
{
while( list($k, $v) = each($GLOBALS[$_Key]) )
{ if( is_array($_Key[$k]) )
{
while( list($k2, $v2) = each($_Key[$k]) )
{
$_Key[$k][$k2] = addslashes($v2);
}
@reset($_Key[$k]);
} else {
$_Key[$k] = addslashes($v);
} // end if
} // end while
@reset($GLOBALS[$_Key]);
} // end if
} // end foreach
}
function do_clean($data) {
$data = escapeshellcmd($data);
$data = preg_replace("/..\//", "", $data);
$data = preg_replace("/^\//", "", $data);
$data = htmlentities($data);
// $data = addslashes($data);
return $data;
}
$MQ = (boolean) get_magic_quotes_gpc();
if( !$MQ ){
sGaddSlashes(array('$_GET', '$_POST'));
}
if($_POST)
{
$post = array();
$post = $_POST;
foreach($post as $key=>$val) {
$$key = do_clean($val);
}
}
if($_GET)
{
$get = array();
$get = $_POST;
foreach($get as $key=>$val)
{
$$key = do_clean($val);
}
}
?>
Gene
"The older I get, the more I admire competence, just simple competence in any field from adultery to zoology."
|
|
|