We use the function below to clean up user input:
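function x_site_safe($input, $do_quot = true, $remv_quot = false) {
    // Strip angle brackets and parentheses
    $input = preg_replace("/</", "", $input);
    $input = preg_replace("/>/", "", $input);
    $input = preg_replace("/\(/", "", $input);
    $input = preg_replace("/\)/", "", $input);
    // Encode double quotes as &quot; (default)
    if ($do_quot) $input = preg_replace("/\"/", "&quot;", $input);
    // Remove double quotes; has no effect when $do_quot is also true,
    // because the quotes have already been encoded by then
    if ($remv_quot) $input = preg_replace("/\"/", "", $input);
    return $input;
}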
Usage:
x_site_safe($input): remove >, <, ( , ), and change " to &quot;
x_site_safe($input, false): remove >, <, ( , and )
For example (combined with stripslashes and trim):
$str = (isset($_GET['v'])) ? stripslashes(trim(x_site_safe($_GET['v'],false))) : "";
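An added example, not part of the original post: it runs x_site_safe() side by side with output encoding through PHP's built-in htmlspecialchars() on constructed sample strings, showing which characters the filter leaves unencoded (single quote, ampersand) and which legitimate text it drops. The html_out() and compare() helpers are hypothetical names introduced here.

```php
<?php
// Added example. x_site_safe() is the function from the post; html_out() and
// compare() are hypothetical helpers. All sample strings are constructed.

function x_site_safe($input, $do_quot = true, $remv_quot = false) {
    $input = preg_replace("/</", "", $input);
    $input = preg_replace("/>/", "", $input);
    $input = preg_replace("/\(/", "", $input);
    $input = preg_replace("/\)/", "", $input);
    if ($do_quot) $input = preg_replace("/\"/", "&quot;", $input);
    if ($remv_quot) $input = preg_replace("/\"/", "", $input);
    return $input;
}

// Encode at output time for HTML text and quoted-attribute contexts.
function html_out($value) {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Report what each approach does to one input.
function compare($raw) {
    $filtered = x_site_safe($raw);
    $encoded  = html_out($raw);
    return [
        'filtered'          => $filtered,
        'encoded'           => $encoded,
        // Characters the filter passes through unencoded
        // (ignoring the &quot; that the filter itself writes).
        'raw_single_quote'  => strpos($filtered, "'") !== false,
        'raw_ampersand'     => preg_match('/&(?!quot;)/', $filtered) === 1,
        // Can the original text be recovered for display?
        'filter_lossless'   => html_entity_decode($filtered, ENT_QUOTES, 'UTF-8') === $raw,
        'encoding_lossless' => html_entity_decode($encoded, ENT_QUOTES, 'UTF-8') === $raw,
    ];
}

$samples = [
    "O'Reilly & Sons (UK) <sales>",
    'width="10" & height=\'5\'',
    'f(x) < g(x)',
];

foreach ($samples as $raw) {
    echo "input: $raw\n";
    foreach (compare($raw) as $key => $value) {
        echo "  $key: " . (is_bool($value) ? var_export($value, true) : $value) . "\n";
    }
}
```

html_out() covers only HTML body text and quoted attribute values; values placed into JavaScript, URLs or CSS need the encoding that matches that context.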