/**
 * Filters a string by stripping tags, then deleting or rewriting a fixed list
 * of characters and substrings, and finally trimming surrounding whitespace.
 *
 * The replacements run strictly in the order written, and each one operates on
 * the output of the previous one.
 *
 * NOTE(review): this is a denylist filter, not context-aware escaping. Deleting
 * characters does not by itself make a value safe to place in a SQL statement
 * or an HTML page. For SQL, bind the value as a parameter of a prepared
 * statement (PDO or mysqli). For HTML, escape at output time with
 * htmlspecialchars(). Double quotes and backslashes are not touched by any
 * line shown here.
 *
 * @param string $aString Raw input value.
 * @return string The filtered value.
 */
function cleanInput($aString)
{
// Drop HTML and PHP tags first, then any angle brackets that are left over.
$aString = strip_tags($aString);
$aString = str_replace("<","", $aString);
$aString = str_replace(">","", $aString);
// Delete single quotes and forward slashes.
$aString = str_replace("'","", $aString);
$aString = str_replace("/","", $aString);
// NOTE(review): the search string is empty as shown, so this call changes
// nothing. A character may have been lost when the code was posted - confirm
// against the original file.
$aString = str_replace("","", $aString);
// Delete parentheses.
$aString = str_replace("(","", $aString);
$aString = str_replace(")","", $aString);
// Commas become spaces.
$aString = str_replace(",", " ", $aString);
// NOTE(review): as shown this replaces a space with a space (no effect).
// Presumably meant to collapse double spaces and the extra space was lost in
// rendering - confirm.
$aString = str_replace(" ", " ", $aString);
// Percent-encode '#'.
$aString = str_replace("#","%23", $aString);
// NOTE(review): no effect as shown, because every single quote was already
// deleted by the earlier replacement above.
$aString = str_replace("'","`", $aString);
// Percent-encode ';'.
$aString = str_replace(";","%3B", $aString);
// NOTE(review): str_replace() is case-sensitive and makes a single pass, so
// other letter cases of "script" pass through, and the deletions on the next
// two lines can join fragments back into the word after this check has run.
$aString = str_replace("script","", $aString);
// Only the lowercase percent-encoded forms of '<' and '>' are deleted;
// "%3C" and "%3E" are left as they are.
$aString = str_replace("%3c","", $aString);
$aString = str_replace("%3e","", $aString);
// Rewrite '@' as the literal text "[at]".
$aString = str_replace("@", "[at]", $aString);
// Strip leading and trailing whitespace before returning the result.
$aString = trim($aString);
return($aString);
}
And as far as MySQL injections go, are they also done through form input boxes or are they done using a different method?