donpandix/limpiaParametros.php

## limpiaParametros.php
function limpiaParametros( $param ) {
	$cross_site_scripting = array ( '@<script[^>]*?>.*?</script>@si', // Remover javascript
	'@<[\/\!]*?[^<>]*?>@si' ); // Remover etiquetas HTML
	$inyeccion_sql = array ( '/\bAND\b/i', '/\bOR\b/i', '/\bSELECT\b/i',
	'/\bFROM\b/i', '/\bWHERE\b/i', '/\bUPDATE\b/i',
	'/\bDELETE\b/i', '/\b\*\b/i', '/\bCREATE\b/i' );
	$retorno = preg_replace ( $inyeccion_sql, "", $param );
	$retorno = preg_replace ( $cross_site_scripting, "", $retorno );
	$retorno = htmlentities( $retorno, ENT_QUOTES ); // Acá es importante verificar la codificación (ISO o UTF-8)
	return trim( $retorno );
}
	function limpiaParametros( $param ) {
	$cross_site_scripting = array ( '@<script[^>]?>.?</script>@si', // Remover javascript
	'@<[\/\!]?[^<>]?>@si' ); // Remover etiquetas HTML
	$inyeccion_sql = array ( '/\bAND\b/i', '/\bOR\b/i', '/\bSELECT\b/i',
	'/\bFROM\b/i', '/\bWHERE\b/i', '/\bUPDATE\b/i',
	'/\bDELETE\b/i', '/\b\*\b/i', '/\bCREATE\b/i' );
	$retorno = preg_replace ( $inyeccion_sql, "", $param );
	$retorno = preg_replace ( $cross_site_scripting, "", $retorno );
	$retorno = htmlentities( $retorno, ENT_QUOTES ); // Acá es importante verificar la codificación (ISO o UTF-8)
	return trim( $retorno );
	}