FUDforum
"Cleaning" POST/GET form variables [message #39457] Tue, 23 October 2007 22:43
esm2002   United States
Messages: 339
Registered: May 2002
Location: Atlanta Georgia
Karma: 0
Senior Member
I somehow came by the following code. Not sure if someone sent it to me or I copied it some years ago and forgot about it.

What little info I have on it is that it "cleans" POST/GET variables from a form.

I did read an article by Ilia last year sometime about security, and I guess that is my question.

While I have only a passing acquaintance with MySQL injection and cross-site scripting (hopefully, those are the right terms), does the below code provide security from those problems...???


<?php

// Add slashes to every element of the named superglobals (one level of nesting
// deep), mimicking magic_quotes_gpc where it is switched off.
// Fixed: the original passed '$_GET' / '$_POST' (with the dollar sign, which is
// not the $GLOBALS key) and then indexed the string $_Key instead of the array
// it named, so nothing was ever escaped.
function sGaddSlashes($arr)
{
  foreach($arr as $_Key)
  {
    if( !isset($GLOBALS[$_Key]) || !is_array($GLOBALS[$_Key]) )
    {
      continue;
    }
    foreach( $GLOBALS[$_Key] as $k => $v )
    {
      if( is_array($v) )
      {
        foreach( $v as $k2 => $v2 )
        {
          $GLOBALS[$_Key][$k][$k2] = addslashes($v2);
        }
      } else {
        $GLOBALS[$_Key][$k] = addslashes($v);
      }  // end if
    }  // end foreach
  }  // end foreach
}


function do_clean($data) {
  $data = escapeshellcmd($data);
  // Strip "../" sequences. The original pattern "/..\//" used unescaped dots,
  // which match any two characters rather than literal dots.
  $data = preg_replace("/\.\.\//", "", $data);
  $data = preg_replace("/^\//", "", $data);   // drop a leading slash
  $data = htmlentities($data);
//  $data = addslashes($data);
  return $data;
}

// get_magic_quotes_gpc() was removed in PHP 8; treat magic quotes as off when
// the function does not exist.
$MQ = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
if( !$MQ ){
   sGaddSlashes(array('_GET', '_POST'));   // $GLOBALS keys carry no leading '$'
}

if($_POST)
{
  $post = $_POST;
  foreach($post as $key=>$val) {
    if( is_array($val) ) continue;   // do_clean() only handles strings
    $$key = do_clean($val);          // creates a global variable per form field
  }
}

if($_GET)
{
  $get = $_GET;   // fixed: the original copied $_POST here
  foreach($get as $key=>$val)
  {
    if( is_array($val) ) continue;
    $$key = do_clean($val);
  }
}

?>



Gene
"The older I get, the more I admire competence, just simple competence in any field from adultery to zoology."
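The question is whether this kind of input "cleaning" protects against SQL injection and XSS. The following is an added example, not code from the post or its author: it puts do_clean() beside escaping at the point of use (a PDO prepared statement for the SQL context, htmlspecialchars() at output for the HTML context) and shows the side effect of the `$$key` loop. It assumes PHP with the pdo_sqlite extension; all sample values are constructed.

```php
<?php
// Added example, not from the original post: contrast the blanket do_clean()
// approach with escaping at the point of use. All sample values are constructed.

// do_clean() as posted (with the literal "../" pattern the author evidently meant).
function do_clean_original($data) {
    $data = escapeshellcmd($data);
    $data = preg_replace('/\.\.\//', '', $data);
    $data = preg_replace('/^\//', '', $data);
    return htmlentities($data);
}

// HTML context: escape when echoing, with ENT_QUOTES so attribute values are safe.
function for_html($value) {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// SQL context: a prepared statement keeps the value out of the query text entirely,
// so no addslashes()/magic quotes layer is needed.
function find_user(PDO $db, $name) {
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// In-memory SQLite so this runs offline (assumes the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('O''Brien'), ('alice')");

// A legitimate name with an apostrophe. do_clean() alters it (escapeshellcmd adds
// a backslash, htmlentities may encode the quote), so it no longer matches the
// stored row; the raw value bound as a parameter matches fine.
$input = "O'Brien";
printf("do_clean output : %s\n", do_clean_original($input));
printf("rows via cleaned: %d\n", count(find_user($db, do_clean_original($input))));
printf("rows via bound  : %d\n", count(find_user($db, $input)));
printf("safe for HTML   : %s\n", for_html($input));

// The posted loop assigns $$key from every request field, so any script variable
// can be overwritten by a field of the same name. Read fields explicitly instead.
$is_admin = false;
$_POST = ['is_admin' => '1', 'name' => 'alice'];   // constructed request
foreach ($_POST as $key => $val) { $$key = do_clean_original($val); }
printf("is_admin after \$\$key loop: %s\n", var_export($is_admin, true));
$name = isset($_POST['name']) ? $_POST['name'] : '';  // explicit, named read
printf("name read explicitly: %s\n", $name);
```

The escaping is applied per destination (SQL parameter, HTML text) rather than once on input, which is why the apostrophe survives intact in both places.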