Created
June 6, 2012 19:32
-
-
Save alpha1/2884145 to your computer and use it in GitHub Desktop.
Escaping function
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| function escapeAndEvade($input, $required, $datatype, $removed, $allowed, $whitespace ){ | |
| if($input != NULL){ | |
| switch($allowed){ | |
| case "formatting": | |
| $allowed = "<h1><h2><h3><h4><h5<h6><br><b><i><strong><em><del><cite><code><pre><s><blockquote><ins><p><q>"; | |
| break; | |
| case "none": | |
| $allowed = ""; | |
| break; | |
| case "posting": | |
| $allowed="<h1><h2><h3><h4><h5<h6><br><b><i><strong><em><del><cite><code><pre><s><abbr><audio><video><bdi><blockquote><caption><embed><figure><figcaption><hgroup><hr><img><ins><ul><ol><li><mark><object><output><p><q><samp><small><span><sub><tr><td><table><tfoot><th><track><u><var><wbr><a>"; | |
| break; | |
| default: | |
| $allowed = ""; | |
| } | |
| switch($removed){ | |
| case "num": | |
| //removes numbers | |
| $input = preg_replace("/[0-9]/", "", $input); | |
| break; | |
| case "alpha": | |
| //remove alpha | |
| $input = preg_replace("/[a-zA-Z*]/", "", $input); | |
| break; | |
| case "sym": | |
| //removes anything not a num or alpha | |
| $input = preg_replace("/[^a-zA-Z0-9\s-,.]/", '', $input); | |
| break; | |
| case "alphasym": | |
| //removes alpha and sym | |
| $input = preg_replace("/[^0-9\s-,.]/", "", $input); | |
| break; | |
| case "numsym": | |
| //removes num and sym | |
| $input = preg_replace("/[^a-zA-Z\s-,.]/", "", $input); | |
| break; | |
| case "none": | |
| break; | |
| default: | |
| break; | |
| } | |
| $input = nl2br($input); | |
| $input = strip_tags($input, $allowed); | |
| if($whitespace == true){ | |
| $input = preg_replace("[\s]", "", $input); | |
| $input = trim($input); | |
| } | |
| if(get_magic_quotes_gpc()==false){ | |
| $input = addslashes($input); | |
| } | |
| $testsubject = $input; | |
| switch($datatype){ | |
| case "int": | |
| $validated = (int)$testsubject; | |
| break; | |
| case "string": | |
| $validated = (string)$testsubject; | |
| break; | |
| case "float": | |
| $testsubject = preg_replace("[a-zA-Z]", "", $testsubject); | |
| $validated = (float)$testsubject; | |
| break; | |
| case "bool": | |
| $validated = (bool)$testsubject; | |
| break; | |
| case "email": | |
| if((strpbrk($testsubject, '@') && strpbrk($testsubject, '.'))!= FALSE) { | |
| $validated = $testsubject; | |
| } | |
| else { | |
| $validated = false; | |
| } | |
| break; | |
| default: | |
| $validated = false; | |
| break; | |
| } | |
| if($validated == $input){ | |
| $output = $validated; | |
| } | |
| else { | |
| $output = "Input is invalid"; | |
| } | |
| } | |
| else { | |
| if($required == true){ | |
| $output = "Input left empty"; | |
| } | |
| else { | |
| $output = ""; | |
| } | |
| } | |
| mysql_real_escape_string($output, $GLOBALS['mysql_connect']); | |
| $output = trim($output); | |
| var_dump($output); | |
| return $output; | |
| } | |
| if(isset($_POST['submit'])){ | |
| $input = $_POST['input']; | |
| echo '$input, $required, $datatype, $removed, $allowed, $whitespace<br>'; | |
| echo "Input, true/false, string, NONE, NONE, true/false" ."\n<br>"; | |
| echo escapeAndEvade($input, true,"string", "none", "none", false); | |
| //address = escapeAndEvade($input, true,"string", "sym", "none", false); | |
| //names escapeAndEvade($input, true,"string", "num", "none", false); | |
| //zip/numbers escapeAndEvade($input, true,"string", "alpha", "none", true); | |
| //email = escapeAndEvade($input, true,"email", "none", "none", true); | |
| } | |
| //mysql_real_escape_string | |
| ?> | |
| <form method="post" action=""> | |
| <input type="text" name="input" lue=""> | |
| <input type="submit" name="submit" value="Escape"> | |
| </form> | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment