Bazaga yoziladigan malumotlarni filtrlash va tekshirish. [code=php]function cleanInput($i...

3339

Yangi formatda davom etish uchun: https://uzfor.net/view.php?act=post&id=39093

Postga havola

uDesign [758] [off]

Bazaga yoziladigan malumotlarni filtrlash va tekshirish.

function cleanInput($input) {
 
  $search = array(
    '@<script[^>]*?>.*?</script>@si',   // javascript kodlarni o`chiramiz
    '@<;[\/\!]*?[^<>]*?>@si',            // HTML teglarni o`chiramiz
    '@<style[^>]*?>.*?</style>@siU',    // css style teglarni o`chiramiz
    '@<![\s\S]*?--[ \t\n\r]*>@'         // Ko`p qatarli komentarilarni o`chiramiz
  );
 
    $output = preg_replace($search, '', $input);
    return $output;
  }
 
function sanitize($input) {
    if (is_array($input)) {
        foreach($input as $var=>$val) {
            $output[$var] = sanitize($val);
        }
    }
    else {
        if (get_magic_quotes_gpc()) {
            $input = stripslashes($input);
        }
        $input  = cleanInput($input);
        $output = mysql_real_escape_string($input);
    }
    return $output;
}
 
// Ishlatish:
$bad_string = "Salom. <script src='http://sayt.uz/script.js'></script> Bugun kun zo`r!";
$good_string = sanitize($bad_string);
/*
$good_string chiqaradi:  "Salom. Bugun kun zo`r!" bu yerda <script ko`di kesib tashlanadi va keyin bazaga yoziladi
*/
/*
Undan tashqari $_GET[] va $_POST[] larni tekshirsangiz bo`ladi.
*/
  $_POST = sanitize($_POST);
  $_GET  = sanitize($_GET);