php - taking safe input from url and making my input hacking safe -
i have following method in php crud class:
//secure search method function secureinput($ary = array()){ $this->connect(); $securedarray = array(); //print_r($ary); foreach($ary $val){ //echo($val.'<br />'); $val = str_replace("'","",$val); $val = str_replace("#","",$val); $val = str_replace("~","",$val); $val = str_replace("!","",$val); $val = str_replace("%","",$val); $val = str_replace("*","",$val); $val = str_replace("drop","",strtolower($val)); $val = str_replace("show","",strtolower($val)); $val = str_replace("insert","",strtolower($val)); $val = str_replace("create","",strtolower($val)); $val = str_replace("update","",strtolower($val)); $val = str_replace("select","",strtolower($val)); $val = str_replace('"',"",$val); $val = str_replace("+","",$val); $val = str_replace(";","",$val); $val = mysql_real_escape_string($val); $securedarray[] = $val; } return $securedarray; } i want use following code take input , return clean input (hacking xss proof input) , use database queries insert update , retrieve etc
require_once('classes/classes.php'); $crud = new crud(); $ar = array("shah hussai#n","shahhus';sai;'n3#05@xyz.com","",234); $name = "";$email = "";$empty ="";$int = ""; $ary = $crud->secureinput($ar); if(!isset($ary[0]) || empty($ary[0])){ echo("please provide name<br />"); } else{ //update variables here $name = $ary[0]; $email = $ary[1]; $empty = $ary[2]; $int = $ary[3]; }//if echo $sql = "insert tbl(name,email...) values($name,$email,$empty,$int)"; now not sure either protect code hackers cross scripting , sql injection attempts? or should else taking input safely?
thanks in advance
to protect sql injections best use prepared statement.provided link in case.
other risks better specific answer.
Comments
Post a Comment