WeberDev.com PHP and MySQL Code

Title : A function to clean input coming from form fields (minimize the risk of XSS and SQL injection attacks).
Categories : Beginner Guides, Security, Data Validation
Author : Boaz Yahav
Date : Jul 31st 2006
Grade : 3 of 5 (graded 3 times)
Viewed : 17122

It's very important to check ANY input coming from the web into your system, especially if you do something with the data such as echo it to the screen (XSS attack), save it in your database (SQL injection attack), or access your file system according to the input. There are some basic tests you can run on the input to minimize the threat, and the function that follows performs them. I would love to get more input from people about what else to add to the check list.

<?php
// Blocklist-style cleaner for a single form field: strips tags, then rewrites or
// removes the characters and the one keyword the author considers dangerous.
function GetField($input) {
    $input = strip_tags($input);                  // drop HTML and PHP tags
    $input = str_replace("<", "&lt;", $input);    // encode any angle brackets left over
    $input = str_replace(">", "&gt;", $input);
    $input = str_replace("#", "%23", $input);     // URL-encode '#'
    $input = str_replace("'", "`", $input);       // replace single quotes with backticks
    $input = str_replace(";", "%3B", $input);     // URL-encode ';'
    $input = str_replace("script", "", $input);   // remove the literal, lower-case word "script"
    $input = str_replace("%3c", "", $input);      // remove URL-encoded '<' and '>'
    $input = str_replace("%3e", "", $input);
    $input = trim($input);                        // strip surrounding whitespace
    return $input;
}
?>
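The paragraph above names three places where untrusted input does damage: the screen, the database and the file system. The block below is an added example, not code from the original post or its author, and it goes beyond the page by treating each of those contexts with the escaping or binding that fits it rather than one generic cleaner. The comments table, its column names, the list of allowed file names, the upload directory and the in-memory SQLite DSN are assumptions made for illustration; it needs PHP with the pdo_sqlite extension.

```php
<?php
// Added example (not code from the original post): one escaping step per context
// instead of one generic cleaner. Table name, column names, the allowed file names,
// the upload directory and the SQLite DSN are assumptions made for illustration.

// Context 1: echoing to the screen. Encode the characters that carry meaning in
// HTML so the browser renders the text instead of interpreting it (XSS).
function toHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Context 2: saving to the database. Keep the data out of the SQL text entirely
// by binding it as a parameter (SQL injection); no quote-swapping is needed.
function insertComment(PDO $db, string $author, string $body): void
{
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
}

function fetchComments(PDO $db): array
{
    return $db->query('SELECT author, body FROM comments')->fetchAll(PDO::FETCH_ASSOC);
}

// Context 3: touching the file system. Reduce the request to a bare file name and
// accept it only if it is on an allowlist; anything else yields null.
function resolveUpload(string $requested, array $allowed, string $dir): ?string
{
    $name = basename($requested);              // drops any directory component
    if (!in_array($name, $allowed, true)) {    // exact-match allowlist, not a blocklist
        return null;
    }
    return $dir . DIRECTORY_SEPARATOR . $name;
}

// Constructed sample input: a legitimate value containing an apostrophe, angle
// brackets and a semicolon, all of which a blocklist cleaner would alter.
$sample = "O'Brien <b>says</b> hi; see you";

// Screen: shown literally, with the apostrophe and the tags turned into entities.
echo toHtml($sample), PHP_EOL;

// Database: stored and read back unchanged, because it never became part of the SQL.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE comments (author TEXT, body TEXT)');
insertComment($db, $sample, $sample);
foreach (fetchComments($db) as $row) {
    echo $row['author'], ' | ', $row['body'], PHP_EOL;
}

// File system: a name on the list resolves to a path; any other request is refused.
$allowed = ['report.pdf', 'logo.png'];
var_dump(resolveUpload('logo.png', $allowed, '/var/www/uploads'));
var_dump(resolveUpload('notes.txt', $allowed, '/var/www/uploads'));
```

Run it with `php` on the command line. The contrast with GetField() is in the data: the page's function would turn the apostrophe in "O'Brien" into a backtick and URL-encode the semicolon before the value is ever stored, while the context-specific functions keep the stored value intact and apply the protection at the point where the value is used.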


