Best way to clean form data
Posted: Tue Dec 11, 2007 5:22 pm
I have a site that takes form data from many fields, and I want to protect myself from the bad apples out there. What is the best way to do this? Currently I am doing:

function cleanInput($aString)
{
    // strip HTML tags first, then remove or encode individual characters
    $aString = strip_tags($aString);
    $aString = str_replace("<","", $aString);
    $aString = str_replace(">","", $aString);
    $aString = str_replace("'","", $aString);
    $aString = str_replace("/","", $aString);
    $aString = str_replace("","", $aString);   // empty search string: this call changes nothing
    $aString = str_replace("(","", $aString);
    $aString = str_replace(")","", $aString);
    $aString = str_replace(",", " ", $aString);
    $aString = str_replace(" ", " ", $aString); // replaces a space with a space: this call changes nothing
    $aString = str_replace("#","%23", $aString);
    $aString = str_replace("'","`", $aString);  // never matches: every ' was already removed above
    $aString = str_replace(";","%3B", $aString);
    $aString = str_replace("script","", $aString);
    $aString = str_replace("%3c","", $aString);
    $aString = str_replace("%3e","", $aString);
    $aString = str_replace("@", "[at]", $aString);
    $aString = trim($aString);
    return($aString);
}

Which I know is quite messy. Is there a better way to clean input, because I think I am doing it all wrong?
And as far as MySQL injections go, are they also done through form input boxes, or are they done using a different method?
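A defender-side alternative to the character blacklist above, added here as an example and not code from the original post: validate each field by type, store the value as typed, bind it as a SQL parameter, and escape only when rendering HTML. The field names, the `comments` table and the in-memory SQLite database are assumptions standing in for the poster's form and MySQL.

```php
<?php
// Added example, not from the original post. Field-by-field validation keeps the raw
// value; escaping happens per output context (SQL parameter, HTML text), not at input.
function validateForm(array $post): array
{
    $clean = [];
    $errors = [];
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors['email'] = 'Enter a valid e-mail address.';
    } else {
        $clean['email'] = $email;
    }
    $age = filter_var($post['age'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 13, 'max_range' => 120]]);
    if ($age === false) {
        $errors['age'] = 'Age must be a whole number between 13 and 120.';
    } else {
        $clean['age'] = $age;
    }
    // Free text: only a length limit. "O'Brien" or "<3" are legitimate and stay as typed.
    $comment = trim((string)($post['comment'] ?? ''));
    if (strlen($comment) > 2000) {
        $errors['comment'] = 'Comment is too long.';
    } else {
        $clean['comment'] = $comment;
    }
    return [$clean, $errors];
}
// SQL context: bound parameters travel as data, so quotes or semicolons in the value
// cannot alter the statement. The same PDO calls work with the mysql driver.
function saveComment(PDO $db, array $clean): void
{
    $stmt = $db->prepare('INSERT INTO comments (email, age, body) VALUES (:email, :age, :body)');
    $stmt->execute([':email' => $clean['email'], ':age' => $clean['age'], ':body' => $clean['comment']]);
}
// HTML context: escape when rendering, never at storage time.
function renderComment(string $body): string
{
    return '<p>' . htmlspecialchars($body, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}
// Constructed sample input and an in-memory SQLite table stand in for the real form and MySQL.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, email TEXT, age INTEGER, body TEXT)');
[$clean, $errors] = validateForm(['email' => 'pat@example.com', 'age' => '34', 'comment' => "O'Brien says: <3 this site"]);
if ($errors === []) {
    saveComment($db, $clean);
    echo renderComment($db->query('SELECT body FROM comments')->fetchColumn()), "\n";
}
```

The stored row keeps the apostrophe and the `<` exactly as typed; only the rendered HTML is escaped, and the SQL statement never sees the value as code.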