A function for cleaning string from unsecure inputs, destroys input and return empty string PHP

https://stackoverflow.com/questions/22418826

15-06-2023
|

Frage

When i give form value to this function, always, an empty string returns.

<?php
function safeinput($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    $data = mysql_real_escape_string($data);
    return $data;
}
?>

Is there another way to secure inputs? note : Operations done under joomla

Lösung

The best way is the ensure you are limiting you input based on expected value types. You can refer this

docs.joomla.org/J1.5:Retrieving_and_Filtering_GET_and_POST_requests_with_JRequest::getVar

http://api.joomla.org/cms-2.5/classes/JRequest.html

possible filters are

INT
INTEGER
FLOAT
DOUBLE
BOOL
BOOLEAN
WORD
ALNUM
CMD
BASE64
STRING
ARRAY
PATH
USERNAME

the you can escape the data using.

    $db= JFactory::getDbo();
    $db->getEscaped($data);

http://api.joomla.org/cms-2.5/classes/JDatabase.html#method_getEscaped

Lizenziert unter: CC-BY-SA mit Zuschreibung

Nicht verbunden mit StackOverflow