<?php
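//=====================================================================================
/**
 * Normalise a free-text value before it is stored or displayed.
 *
 * The value is passed through clean_html() (tag removal, punctuation
 * rewriting and htmlspecialchars()), then strip_tags() and trim() are applied
 * to what is left. The result is a lossy, whitespace-trimmed, HTML-encoded
 * string.
 *
 * This is NOT an SQL-injection defence: the function removes and rewrites
 * characters, it does not escape for any database driver. Values must still
 * reach the database through prepared statements with bound parameters,
 * whether or not they went through makeSafe().
 *
 * @param string $value raw input text
 * @return string cleaned value
 */
function makeSafe($value)
{
    $value = clean_html($value);

    // clean_html() has already replaced '<' and '>' with spaces and HTML-encoded
    // the remainder, so strip_tags() has little or nothing left to remove; it is
    // kept as a second defensive pass. trim() drops the surrounding whitespace
    // that the character rewrites tend to leave behind.
    return strip_tags(trim($value));
}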
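//=====================================================================================
/**
 * Reduce a string to plain text by removing markup and rewriting a fixed set
 * of punctuation characters, then HTML-encode whatever remains.
 * Derived from html2txt() in the PHP manual notes for strip_tags().
 *
 * Processing order (each step works on the output of the previous one):
 *   1. remove <script>…</script> and <style>…</style> blocks with their
 *      content, then any remaining tag, then multi-line comments;
 *   2. rewrite characters: ';' '%' '?' '*' ':' '`' '$' '/' '\' '=' '~' '<'
 *      '>' '|' '!' '^' become a space, '"' becomes "'", and runs of '-',
 *      "'", '&' and ' ' collapse to a single character;
 *   3. htmlspecialchars(ENT_QUOTES, 'UTF-8') on the result.
 *
 * This is lossy text normalisation, not an escaping routine: it is not a
 * substitute for prepared statements (SQL) or per-context output escaping.
 * Because htmlspecialchars() is called with the 'UTF-8' charset and without
 * ENT_SUBSTITUTE, input that is not valid UTF-8 yields '' — an empty result
 * does not necessarily mean the input was empty.
 *
 * @param string $document text that may contain HTML
 * @return string cleaned, HTML-encoded text
 */
function clean_html($document)
{
    // Block-level patterns must run before the generic tag stripper: once the
    // generic pattern has removed '<style ...>' and '</style>', the style
    // block's content can no longer be matched. In the original ordering the
    // style pattern therefore never matched and CSS text leaked through. The
    // 'U' modifier (which inverts the laziness of '.*?') is dropped so each
    // block is matched up to its nearest closing tag, as the script pattern
    // already does.
    $search = [
        '@<script[^>]*?>.*?</script>@si', // <script> blocks including content
        '@<style[^>]*?>.*?</style>@si',   // <style> blocks including content
        '@<[\/\!]*?[^<>]*?>@si',          // any remaining tag
        '@<![\s\S]*?--[ \t\n\r]*>@',      // multi-line comments including CDATA
    ];
    $text = preg_replace($search, '', $document);

    // Character rewrites, applied in this order.
    $text = preg_replace('/;/', ' ', $text);                          // semicolons
    $text = preg_replace('/"/', "'", $text);                          // double quotes -> single quote
    $text = preg_replace('/[\%\?\*]/', ' ', $text);                   // wildcards
    $text = preg_replace('/[\:\`\$\/\\\=\~\<\>\|\!\^]/', ' ', $text); // other symbols
    $text = preg_replace('/[-]{2,}/', '-', $text);                    // collapse runs of dashes
    $text = preg_replace("/[\']{2,}/", "'", $text);                   // collapse runs of single quotes
    $text = preg_replace("/[\&]{2,}/", '&', $text);                   // collapse runs of ampersands
    $text = preg_replace("/[ ]{2,}/", ' ', $text);                    // collapse runs of spaces

    // Encode any special characters that survived the rewrites.
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}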
// Demonstration: run a print_r-style dump of a feedback submission, which
// embeds a string shaped like an SQL-injection probe, through makeSafe() and
// print the result. A nowdoc keeps the sample byte-for-byte without escaping.
$mystring = <<<'SAMPLE'

Validating data... Done validating... test 123............stdClass Object
(
[feedback_text] => Array
(
[text] => Robert'); DROP TABLE Stftudents;--' ? Mom
[format] => 1
)
[name] => connor - admin, 2 - john
[email] => rcooper@c2ti.com
[submitbutton] => Submit Feedback
[text_len] => 41
)
SAMPLE;

$mystring2 = makeSafe($mystring);
echo $mystring2;
- Output for 5.4.2 - 5.4.45, 5.5.24 - 5.5.35, 5.6.8 - 5.6.28, 7.0.0 - 7.0.20, 7.1.0 - 7.1.10, 7.2.0 - 7.2.33, 7.3.16 - 7.3.33, 7.4.0 - 7.4.33, 8.0.0 - 8.0.30, 8.1.0 - 8.1.28, 8.2.0 - 8.2.18, 8.3.0 - 8.3.6
- Validating data... Done validating... test 123............stdClass Object
(
[feedback_text] Array
(
[text] Robert') DROP TABLE Stftudents -' Mom
[format] 1
)
[name] connor - admin, 2 - john
[email] rcooper@c2ti.com
[submitbutton] Submit Feedback
[text_len] 41
)