Tuesday, January 17, 2012

Protection from SQL injection and cross-site scripting

How to protect your site from SQL injection and cross-site scripting

### Here is some sample code; you can amend it for your own use ###

/**
 * @author    Furqan khan
 */
// Function to protect from cross-site scripting and SQL injection
function prevent($str) {
    // mysql_real_escape_string() needs an open ext/mysql connection;
    // that extension was removed in PHP 7.0
    $str = htmlentities(mysql_real_escape_string(trim($str)), ENT_QUOTES, 'UTF-8');
    $str = nl2br($str);      // turn newlines into <br /> tags
    $str = addslashes($str); // backslash-escape quotes and backslashes
    // As written, the next two replacements leave the string unchanged
    $str = str_replace("'", "'", $str);
    $str = str_replace('\\', "\\", $str);
    $str = str_replace("|", "I", $str);
    $str = str_replace("||", "I", $str);
    // str_replace() matches the literal text /\$/ here (it is not a regex)
    $str = str_replace("/\\\$/", "$", $str);
    return $str;
}

/// How to use
// Whatever value you are getting from your form, whether it's a POST or GET request, this will work for all

$var = prevent($_GET['value']); // You can use $_GET, $_POST, etc. here, whatever you want
echo $var;                      // echo is not necessary; it's just for visualizing the effect of the function
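
For comparison, the same two protections applied separately at each sink, as an added example that is not the original author's code: values are bound as query parameters when stored and HTML-encoded only when printed. It assumes the pdo_sqlite extension; the `comments` table and the helpers `save_comment`, `h` and `render_comment` are hypothetical names.

```php
<?php
// Added example, not the original author's code.
// Assumes pdo_sqlite is available; table and function names are hypothetical.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// SQL sink: values travel as bound parameters, never as part of the SQL text,
// so quotes in the input cannot change the statement. The raw value is stored.
function save_comment(PDO $pdo, string $author, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => trim($author), ':body' => trim($body)]);
    return (int) $pdo->lastInsertId();
}

// HTML sink: encode at output time, for the HTML context only.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_comment(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT author, body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '<p>Comment not found.</p>';
    }
    // Encode first, then nl2br(), so the only markup in the output is our own <br />.
    return '<p><strong>' . h($row['author']) . '</strong>: ' . nl2br(h($row['body'])) . '</p>';
}

// Constructed sample input containing a quote and markup.
$id = save_comment($pdo, "O'Brien", "Line one\n<script>alert(1)</script>");
echo render_comment($pdo, $id), PHP_EOL;
```

The stored row keeps the original characters, so the same data can later be encoded differently for another output context such as JSON or CSV.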

