<?php
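//=====================================================================================
// Lossy text filter: strips script/style/comment blocks and tags, replaces a fixed
// set of punctuation characters and HTML-encodes the remainder (see clean_html()),
// then removes any tags that survived and trims surrounding whitespace.
//
// NOTE(review): the mysql_real_escape_string() call this header once described is
// commented out; the return value is NOT an SQL-escaped string and does not make a
// string-built query safe. Bind the value as a prepared-statement parameter (PDO /
// mysqli) regardless of having passed it through here.
// The result is also HTML-encoded (' becomes &#039;, & becomes &amp;), so storing it
// and escaping again at output time double-encodes; treat it as display text, not
// as the canonical value of a field such as an email address.
//
// @param string|null $value raw input; null yields ''
// @return string filtered, HTML-encoded text (possibly empty)
function makeSafe($value){
    // trim()/strip_tags() on null is deprecated since PHP 8.1; keep the historical
    // result for that input (an empty string) without the deprecation notice.
    if ($value === null) {
        return '';
    }
    // clean_html() strips block-level content and encodes special characters; the
    // final strip_tags() only has to deal with anything that slipped through.
    $filtered = clean_html($value);
    return strip_tags(trim($filtered));
}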
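//=====================================================================================
// Clean out html code. Adapted from html2txt() in
// http://us2.php.net/manual/en/function.strip-tags.php
//
// Removes <script>, <style> and <!-- --> blocks together with their contents, then
// every remaining tag, then replaces a fixed list of punctuation with spaces or
// collapses runs of it, and finally HTML-encodes what is left.
//
// This is a character blacklist and it is lossy: ; : ` $ / \ = ~ < > | ! ^ % ? *
// all become spaces and " becomes ', so URLs, file paths, expressions and quoted
// text do not survive intact. It is a display-oriented filter, not an SQL escaping
// routine — values still have to be bound as query parameters.
//
// @param string $document raw input text/markup
// @return string filtered, HTML-encoded text
// @throws \RuntimeException when PCRE reports an error (e.g. the backtrack limit on
//         very large input); previously the value silently collapsed to '' instead
function clean_html($document){
    // preg_replace() returns null on a PCRE error. Fail closed and loudly rather than
    // letting null flow through the remaining calls and come out as ''.
    $replace = function ($pattern, $replacement, $subject) {
        $result = preg_replace($pattern, $replacement, $subject);
        if ($result === null) {
            throw new \RuntimeException(
                'clean_html: preg_replace failed, PCRE error code ' . preg_last_error()
            );
        }
        return $result;
    };

    // Block-level patterns run BEFORE the generic tag pattern. Once '<style>' has
    // been removed as a bare tag the style pattern can no longer find the block and
    // its CSS text leaks into the output; the same applies to comments that contain
    // tags. The style pattern deliberately has no 'U' modifier: with it, '.*?'
    // becomes greedy and a second <style> block swallows everything in between.
    $search = array(
        '@<script[^>]*?>.*?</script>@si',     // Strip out javascript
        '@<style[^>]*?>.*?</style>@si',       // Strip style blocks including their content
        '@<![\s\S]*?--[ \t\n\r]*>@',          // Strip multi-line comments including CDATA
        '@<[\/\!]*?[^<>]*?>@si',              // Strip out remaining HTML tags
    );
    // Replace any of the patterns listed above
    $text = $replace($search, '', $document);

    // Replace or remove any illegal characters
    $text = $replace('/;/', ' ', $text);                                  // semicolons
    $text = $replace('/"/', "'", $text);                                  // double quotations
    $text = $replace('/[\%\?\*]/', ' ', $text);                           // wildcards
    $text = $replace('/[\:\`\$\/\\\=\~\<\>\|\!\^]/', ' ', $text);         // other unneeded symbols
    $text = $replace('/[-]{2,}/', '-', $text);                            // more than 1 dash in a row
    $text = $replace("/[\']{2,}/", "'", $text);                           // more than 1 single quotation in a row
    $text = $replace("/[\&]{2,}/", '&', $text);                           // more than 1 ampersand in a row
    $text = $replace("/[ ]{2,}/", ' ', $text);                            // more than 1 space in a row

    // And encode any leftover special characters (ENT_QUOTES also turns ' into &#039;)
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}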
// Smoke run: push a captured dump of submitted form data through makeSafe() and
// print the result. This executes on every include of the file, so it belongs in a
// test script rather than next to the function definitions.
$mystring = <<<'SAMPLE'

Validating data... Done validating... test 123............stdClass Object
(
[feedback_text] => Array
(
[text] => Robert'); DROP TABLE Stftudents;--' ? Mom
[format] => 1
)
[name] => connor - admin, 2 - john
[email] => rcooper@c2ti.com
[submitbutton] => Submit Feedback
[text_len] => 41
)
SAMPLE;

$mystring2 = makeSafe($mystring);
print $mystring2;