Procedure: | sanitize |
Purpose: | A PHP function that attempts to recursively sanitize generic user input, including nested arrays. It is meant to be used in addition to prepared statements, never in place of them: a generic sanitizer cannot know whether a value will end up in HTML, SQL, a shell command or a file path, so it can only reduce exposure, not remove it. It is useful as a stopgap on already compromised systems until prepared statements can be put in place, helps against reflected XSS, and can be added to entry-point files as a defence-in-depth layer against as yet unknown flaws. |
Parameters: | $data (optional): the value to sanitize, either a string or a possibly nested array. When omitted, the request arrays listed under Postconditions are sanitized in place. |
Produces: | The sanitized $data, which is safer (not safe) to print into the page or to use in an SQL query. It does not replace context-specific output encoding or prepared statements; values must still be bound as parameters when they reach SQL. |
Preconditions: | The global variable $sanitized is reserved for sanitize's own use; calling code must not define or rely on a variable of that name in the $GLOBALS scope. |
Postconditions: | If called without parameters, sanitize will sanitize everything in the $_GET, $_POST, $_COOKIE, $_REQUEST and $_FILES arrays in place. If those arrays do not exist and sanitize is called with no parameters, it does nothing. |
Usage: |
require_once('sanitize.php'); sanitize(); |
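The following is an added illustration, not the project's own sanitize.php: a recursive sanitizer in the shape the page describes (walks the request superglobals when called with no argument, recurses into nested arrays, encodes strings), placed beside the prepared statement it is meant to supplement. The transformation applied here (HTML-context encoding plus NUL byte removal) is an assumption, since the page does not document the original function's exact rules; the table name, column name and the in-memory SQLite database are also assumptions chosen so the example runs offline.

```php
<?php
// Added example, not the project's sanitize.php. The encoding rules below are an
// assumption about what a generic recursive sanitizer does; the original function's
// exact behaviour is not documented on the page.

function sanitize($data = null)
{
    // No argument: walk the request superglobals in place, as the page documents.
    // Arrays that do not exist are skipped, so this is safe to call from any entry point.
    if (func_num_args() === 0) {
        foreach (['_GET', '_POST', '_COOKIE', '_REQUEST', '_FILES'] as $name) {
            if (isset($GLOBALS[$name]) && is_array($GLOBALS[$name])) {
                $GLOBALS[$name] = sanitize($GLOBALS[$name]);
            }
        }
        return null;
    }

    if (is_array($data)) {
        $clean = [];
        foreach ($data as $key => $value) {
            // Array keys are attacker-controlled too (?a[<b>]=1), so encode them as well.
            $clean[is_string($key) ? sanitize($key) : $key] = sanitize($value);
        }
        return $clean;
    }

    if (is_string($data)) {
        // NUL bytes silently truncate paths and arguments in C-backed APIs.
        $data = str_replace("\0", '', $data);
        // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8
        // with U+FFFD instead of returning an empty string, which would drop the input.
        return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    return $data; // ints, floats, bools and null pass through untouched
}

// Constructed request standing in for real user input (not captured data).
$_GET = [
    'q'   => '<script>alert(1)</script>',
    'ids' => ['7', "7' OR '1'='1"],
];
sanitize();

echo $_GET['q'], "\n";      // entity-encoded: safe to echo into an HTML element body or attribute
echo $_GET['ids'][1], "\n"; // quotes are entity-encoded: the value is altered, not made SQL-safe

// The real fix is a prepared statement. Schema and data are assumed; SQLite in memory
// is used only so the example runs without a database server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO items (name) VALUES ('alpha'), ('beta')");

// The injection payload is bound as a parameter, so the database compares it as a
// literal string and never parses it as SQL, whatever sanitize() did or did not do to it.
$stmt = $pdo->prepare('SELECT COUNT(*) FROM items WHERE name = :name');
$stmt->execute([':name' => $_GET['ids'][1]]);
echo $stmt->fetchColumn(), "\n"; // no row matches the literal payload
```

Two caveats a practitioner should keep in mind when deploying something of this shape. First, it encodes for one context (HTML) at the point of input, so values reach the database and any logs already entity-encoded; a name containing an apostrophe is stored as `&#039;`, which is why output encoding at the point of use is the preferred design and this sanitizer is only a stopgap. Second, the prepared statement, not the encoding, is what stops the `' OR '1'='1` payload: with `htmlspecialchars` removed, the parameterised query above behaves exactly the same way.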