How to protect your site from SQL injection and cross-site scripting (XSS)
### Here is sample code; amend it for your own use. Note that escaping input cannot prevent SQL injection: output escaping (as below) protects only HTML output, while database queries must use prepared statements with bound parameters (PDO or mysqli). ###
<?
/**
* @Autor Furqan khan
*/
// NOTE(review): this helper escapes a value for HTML output only. It cannot prevent SQL injection;
// pass user input to the database solely as bound parameters of a prepared statement (PDO/mysqli).
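/**
 * Escape a user-supplied string so it can be echoed safely into an HTML
 * body or a quoted HTML attribute (XSS protection for that context only).
 *
 * What this does NOT do: it does not make a value safe for SQL. Escaping
 * cannot prevent SQL injection; hand user input to the database only as a
 * bound parameter of a prepared statement (PDO or mysqli). The original
 * version called mysql_real_escape_string() here, which needs an open
 * mysql_* connection, was removed in PHP 7, and double-encoded the value
 * together with htmlentities() and addslashes(); the original also did not
 * parse because of an unterminated string literal in one of the
 * str_replace() calls, and str_replace() does not interpret regex patterns.
 *
 * Escape at the last moment, per output context: do not store the escaped
 * form in the database, and use a different escaper for JavaScript, URL or
 * CSS contexts. Presentation concerns such as newline-to-<br> conversion
 * belong in the template, not in the escaper.
 *
 * @param mixed $str raw input (e.g. a $_GET/$_POST value); null is treated as ''
 * @return string the trimmed, HTML-escaped value
 */
function prevent($str)
{
    // Cast first so a missing form field (null) becomes '' instead of a
    // warning / TypeError inside trim().
    $value = trim((string) $str);

    // ENT_QUOTES escapes both quote styles so the value is safe inside
    // single- or double-quoted attributes; ENT_SUBSTITUTE replaces invalid
    // UTF-8 with U+FFFD instead of returning '' (which would silently drop
    // the whole value). The charset must match the page's declared charset.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}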
// How to use
// Pass whatever value you read from the form, whether it arrived by GET or POST; the escaping is the same for both. Remember that the result is safe only for HTML output, not for building SQL queries.
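// Example: read one form field (GET or POST) and escape it for HTML output.
// Guard against a missing field so no "Undefined index" notice is raised and
// prevent() receives '' instead of null.
$raw = isset($_GET['value']) ? $_GET['value'] : ''; // $_POST etc. work the same way
$var = prevent($raw);
// Safe to echo because prevent() escaped it for the HTML body/attribute context.
// Do NOT interpolate $var (or $raw) into a SQL string; bind $raw as a prepared-statement parameter instead.
echo $var; // echo is only here to show the effect of the function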
?>
### Here is sample code; amend it for your own use. Note that escaping input cannot prevent SQL injection: output escaping (as below) protects only HTML output, while database queries must use prepared statements with bound parameters (PDO or mysqli). ###
<?
/**
* @Autor Furqan khan
*/
// NOTE(review): this helper escapes a value for HTML output only. It cannot prevent SQL injection;
// pass user input to the database solely as bound parameters of a prepared statement (PDO/mysqli).
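/**
 * Escape a user-supplied string so it can be echoed safely into an HTML
 * body or a quoted HTML attribute (XSS protection for that context only).
 *
 * What this does NOT do: it does not make a value safe for SQL. Escaping
 * cannot prevent SQL injection; hand user input to the database only as a
 * bound parameter of a prepared statement (PDO or mysqli). The original
 * version called mysql_real_escape_string() here, which needs an open
 * mysql_* connection, was removed in PHP 7, and double-encoded the value
 * together with htmlentities() and addslashes(); the original also did not
 * parse because of an unterminated string literal in one of the
 * str_replace() calls, and str_replace() does not interpret regex patterns.
 *
 * Escape at the last moment, per output context: do not store the escaped
 * form in the database, and use a different escaper for JavaScript, URL or
 * CSS contexts. Presentation concerns such as newline-to-<br> conversion
 * belong in the template, not in the escaper.
 *
 * @param mixed $str raw input (e.g. a $_GET/$_POST value); null is treated as ''
 * @return string the trimmed, HTML-escaped value
 */
function prevent($str)
{
    // Cast first so a missing form field (null) becomes '' instead of a
    // warning / TypeError inside trim().
    $value = trim((string) $str);

    // ENT_QUOTES escapes both quote styles so the value is safe inside
    // single- or double-quoted attributes; ENT_SUBSTITUTE replaces invalid
    // UTF-8 with U+FFFD instead of returning '' (which would silently drop
    // the whole value). The charset must match the page's declared charset.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}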
// How to use
// Pass whatever value you read from the form, whether it arrived by GET or POST; the escaping is the same for both. Remember that the result is safe only for HTML output, not for building SQL queries.
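// Example: read one form field (GET or POST) and escape it for HTML output.
// Guard against a missing field so no "Undefined index" notice is raised and
// prevent() receives '' instead of null.
$raw = isset($_GET['value']) ? $_GET['value'] : ''; // $_POST etc. work the same way
$var = prevent($raw);
// Safe to echo because prevent() escaped it for the HTML body/attribute context.
// Do NOT interpolate $var (or $raw) into a SQL string; bind $raw as a prepared-statement parameter instead.
echo $var; // echo is only here to show the effect of the function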
?>