@ 2015-10-05T20:10:02Z <?php
//=====================================================================================
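/**
 * Reduce a free-text value to plain, HTML-encoded text.
 *
 * The value goes through clean_html() (markup and a set of punctuation
 * characters removed, remaining specials HTML-encoded), is trimmed, and is
 * then passed through strip_tags() as a final pass.
 *
 * This is NOT a SQL-injection defence. Values that reach a query must be
 * bound as parameters of a prepared statement (PDO or mysqli); string
 * filtering of this kind is no substitute for that.
 *
 * @param string $value Raw, untrusted text.
 * @return string Cleaned text intended for an HTML text context.
 */
function makeSafe($value){
    // The legacy mysql_real_escape_string() call is gone on purpose:
    //  - ext/mysql was removed in PHP 7.0, so the call is a fatal
    //    "undefined function" error on current PHP;
    //  - it ran before clean_html(), which replaces backslashes with spaces,
    //    so the escaping it added was undone again (and "\n" became " n").
    // clean_html() is a plain function in this file; calling it through
    // $this outside a class raises "Using $this when not in object context".
    $value = clean_html($value);

    // clean_html() has already encoded or removed '<' and '>', so strip_tags()
    // is only a second line of defence here.
    return strip_tags(trim($value));
}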
//=====================================================================================
//Clean out html code. From html2txt() in http://us2.php.net/manual/en/function.strip-tags.php
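/**
 * Strip markup from a string and HTML-encode what remains.
 *
 * Steps, in order: remove script and style elements together with their
 * contents, remove any remaining tags and comments, replace or collapse a
 * fixed list of punctuation characters, then HTML-encode the result.
 *
 * Security notes for callers:
 *  - This is a denylist filter. It alters legitimate input (URLs, e-mail
 *    punctuation, '?', '=' ...) and should not be treated as a guarantee
 *    against XSS in every context; escape for the actual output context
 *    (HTML text, attribute, JS, URL) at the point of output.
 *  - The return value is already HTML-encoded. Encoding it again on output
 *    produces double-encoded entities.
 *
 * @param string $document Untrusted text, possibly containing HTML.
 * @return string Text with markup removed and special characters encoded.
 */
function clean_html($document){
    // preg_replace() applies the patterns in array order. The style pattern
    // must run before the generic tag pattern: in the previous order the
    // <style> tags were already gone when it ran, so it never matched and the
    // CSS source stayed in the output. The 'U' modifier was dropped as well,
    // because it turns '.*?' greedy and would swallow everything between the
    // first <style> and the last </style>.
    $search = array(
        '@<script[^>]*?>.*?</script>@si',   // script elements, including their code
        '@<style[^>]*?>.*?</style>@si',     // style elements, including their CSS
        '@<[\/\!]*?[^<>]*?>@si',            // any remaining HTML tags
        '@<![\s\S]*?--[ \t\n\r]*>@'         // multi-line comments
    );
    $text = preg_replace($search, '', $document);

    // Replace or collapse punctuation the application does not want to store.
    $text = preg_replace('/;/', ' ', $text);                            // semicolons
    $text = preg_replace('/"/', "'", $text);                            // double quotes become single quotes
    $text = preg_replace('/[\%\?\*]/', ' ', $text);                     // wildcard characters
    $text = preg_replace('/[\:\`\$\/\\\=\~\<\>\|\!\^]/', ' ', $text);   // other unneeded symbols, backslash included
    $text = preg_replace('/[-]{2,}/', '-', $text);                      // runs of dashes
    $text = preg_replace("/[\']{2,}/", "'", $text);                     // runs of single quotes
    $text = preg_replace("/[\&]{2,}/", '&', $text);                     // runs of ampersands
    $text = preg_replace("/[ ]{2,}/", ' ', $text);                      // runs of spaces

    // Encode whatever special characters are left (&, ', and any stray < > ").
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}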
// Sample input: a print_r()-style dump of a submitted feedback form whose
// [text] field carries a quote-breaking SQL fragment, used here to see what
// makeSafe() does with it. The nowdoc keeps the text literal (no variable
// interpolation); the blank first line reproduces the leading newline.
$mystring = <<<'SAMPLE'

Validating data... Done validating... test 123............stdClass Object
(
[feedback_text] => Array
(
[text] => Robert'); DROP TABLE Stftudents;--' ? Mom
[format] => 1
)
[name] => connor - admin, 2 - john
[email] => rcooper@c2ti.com
[submitbutton] => Submit Feedback
[text_len] => 41
)
SAMPLE;

// Run the sample through the sanitiser and print the result.
$mystring2 = makeSafe($mystring);
echo $mystring2;
Output for git.master , git.master_jit , rfc.property-hooks Fatal error: Uncaught Error: Call to undefined function mysql_real_escape_string() in /in/oDB8h:9
Stack trace:
#0 /in/oDB8h(70): makeSafe('\nValidating dat...')
#1 {main}
thrown in /in/oDB8h on line 9
Process exited with code 255 . This tab shows result from various feature-branches currently under review by the php developers. Contact me to have additional branches featured.