So the question is how to prevent SQL and PHP injection by validating inputs. It is pretty simple for me to construct an input validator:
<?php
/*
Input Cleaning
Returns clean input
*/
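/**
 * CLEAN INTEGERS
 *
 * Truncates the input to at most $numDigits characters, drops every character
 * that is not an ASCII digit, and returns what is left as an integer.
 *
 * The input is deliberately NOT passed through htmlentities() first. Entity
 * encoding ahead of a digit whitelist adds digits of its own: with ENT_QUOTES
 * a single quote becomes "&#039;", so "1'2" used to come back as 10392
 * instead of 12.
 *
 * Truncation happens before filtering, so the result can hold fewer than
 * $numDigits digits. A digit run too long for the platform's integer type
 * does not survive the cast unchanged, so keep $numDigits small.
 *
 * The return value is safe to treat as a number, but queries built from it
 * should still use bound parameters; this filter is an extra layer, not a
 * replacement for prepared statements.
 *
 * @param mixed $intSent   Raw, untrusted value (expected to be string-like).
 * @param int   $numDigits Maximum number of input characters to consider.
 * @return int Digits found in the truncated input, or 0 when there are none.
 */
function inputVerifyIntegers($intSent,$numDigits) {
// Cap the length on the raw value; no encoding step before the whitelist.
$truncated = (string)substr($intSent,0,$numDigits);
// Whitelist filter: anything outside 0-9 is removed.
$digitsOnly = preg_replace('/[^0-9]+/','',$truncated);
// An empty string (or a null from a PCRE failure) casts to 0.
return (int)$digitsOnly;
}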
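/**
 * CLEAN ALPHANUMERIC
 *
 * Truncates the input to at most $numLetters characters and removes every
 * character that is not an ASCII letter or digit.
 *
 * The input is deliberately NOT passed through htmlentities() first. Entity
 * encoding ahead of an alphanumeric whitelist leaves the entity names behind
 * as ordinary letters and digits: "a<b" used to come back as "altb" (from
 * "&lt;") and "O'Neil" as "O039Nei" (from "&#039;").
 *
 * Truncation happens before filtering, so the result can be shorter than
 * $numLetters. substr() counts bytes, and non-ASCII characters are removed
 * by the whitelist.
 *
 * The result contains only [0-9a-zA-Z], but queries built from it should
 * still use bound parameters; this filter is an extra layer, not a
 * replacement for prepared statements.
 *
 * @param mixed $alphaSent  Raw, untrusted value (expected to be string-like).
 * @param int   $numLetters Maximum number of input characters to consider.
 * @return string Only the ASCII letters and digits of the truncated input.
 */
function inputVerifyAlpha($alphaSent,$numLetters) {
// Cap the length on the raw value; no encoding step before the whitelist.
$truncated = (string)substr($alphaSent,0,$numLetters);
// Whitelist filter: keep 0-9, a-z, A-Z and drop everything else.
$alnumOnly = preg_replace('/[^0-9a-zA-Z]+/','',$truncated);
// A null from a PCRE failure casts to an empty string.
return (string)$alnumOnly;
}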
?>
){}function evil(){return evilValue;}function($e