Below is a helper that strips a fixed blacklist of HTML tags, inline event handlers and SQL keywords from user input; call `filterarr($_POST)` (or `$_GET`) to run it over a whole request array. Caution: this is a blacklist and is easily bypassed (encodings, tags or keywords not on the list), so it does not replace prepared statements for SQL or `htmlspecialchars()` for HTML output — and it also mangles legitimate text (any `select`, `into`, `*` or `'` is removed). Treat it as defence in depth only.
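/**
 * Strip a fixed blacklist of HTML tags, inline event handlers and SQL keywords from a string.
 *
 * NOTE(review): this is a blacklist filter. It is NOT a substitute for parameterised SQL
 * (PDO with bound parameters) or context-aware output escaping (htmlspecialchars() with
 * ENT_QUOTES for HTML). Blacklists are routinely bypassed (other tags, encodings, keywords
 * not listed) and this one also destroys legitimate input: every "select"/"update"/"into"/
 * "delete" substring, every "*" and every "'" is removed, so "Selection" becomes "ion".
 * Keep it only as defence in depth, never as the sole control.
 *
 * @param string|null $str Raw user input, e.g. a $_GET/$_POST value. If an array is passed,
 *                         preg_replace() filters each element (original behaviour kept).
 * @return string The input with all blacklisted fragments removed. Returns '' when $str is
 *                null or when the PCRE engine fails (typically invalid UTF-8 under the /u
 *                modifier): failing closed instead of returning null to the caller.
 */
public static function filterwords($str)
{
    // Fixed blacklist: (1) a set of dangerous tags, opening and closing; (2) any tag that
    // carries an on*= event-handler attribute (the whole tag is dropped); (3) SQL keywords,
    // quote/comment metacharacters and path-traversal fragments. Pattern 3 is case-insensitive
    // and matches substrings, which is why it mangles ordinary text (see docblock).
    $patterns = array(
        "/<(\\/?)(script|i?frame|style|html|body|title|link|meta|object|\\?|\\%)([^>]*?)>/isu",
        "/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isu",
        "/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile|dump/is",
    );

    // preg_replace() on a null subject is deprecated since PHP 8.1 and yields ''; short-circuit.
    if ($str === null) {
        return '';
    }

    $filtered = preg_replace($patterns, '', $str);

    // preg_replace() returns null on a PCRE error (most likely PREG_BAD_UTF8_ERROR from the /u
    // modifier). A null "filtered" value could be mistaken for a clean one downstream, so fail
    // closed with an empty string.
    if ($filtered === null || preg_last_error() !== PREG_NO_ERROR) {
        return '';
    }

    return $filtered;
}

/**
 * Apply filterwords() to a scalar or, recursively, to every leaf of an array such as $_GET or $_POST.
 *
 * Array keys are left untouched; they are attacker-controlled as well, so never interpolate
 * them into SQL or HTML either. Fixes two defects of the previous version: the scalar branch
 * filtered an undefined variable (so every non-array input came back as ''), and nested
 * request arrays (foo[a][b]) were stringified to "Array" instead of being filtered.
 *
 * @param array|string|null $arr A request value or a (possibly nested) array of them.
 * @return array|string Same shape as $arr with every scalar leaf passed through filterwords().
 */
public static function filterarr($arr)
{
    if (!is_array($arr)) {
        return self::filterwords($arr);
    }

    foreach ($arr as $key => $value) {
        // Recurse into sub-arrays so deeper request structures are filtered leaf by leaf.
        $arr[$key] = is_array($value) ? self::filterarr($value) : self::filterwords($value);
    }

    return $arr;
}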
PHP anti-XSS anti-SQL injection code