|
|
<?php
class FTSMakeSafe {
//==================================================
// Strips Dangerous tags out of input boxes
//==================================================
function keepsafe($makesafe) {
$makesafe=strip_tags($makesafe); // strip away any dangerous tags
$makesafe=str_replace(" ","",$makesafe); // remove spaces from variables
$makesafe=str_replace("%20","",$makesafe); // remove escaped spaces
$makesafe = trim(preg_replace('/[^\x09\x0A\x0D\x20-\x7F]/e', '"&#".ord($0).";"', $makesafe)); //encodes all ascii items above #127
// Stripslashes
if (get_magic_quotes_gpc()) {
$makesafe = stripslashes($makesafe);
}
// Quote if not integer
if (!is_numeric($makesafe)) {
$makesafe = mysql_real_escape_string($makesafe);
}
return $makesafe;
}
//==================================================
// Strips Dangerous tags out of textareas
//==================================================
function keeptasafe($makesafe) {
$makesafe=str_replace("%20","",$makesafe); // remove escaped spaces
$makesafe = trim(preg_replace('/[^\x09\x0A\x0D\x20-\x7F]/e', '"&#".ord($0).";"', $makesafe)); //encodes all ascii items above #127
// Stripslashes
if (get_magic_quotes_gpc()) {
$makesafe = stripslashes($makesafe);
}
// Quote if not integer
if (!is_numeric($value)) {
$makesafe = mysql_real_escape_string($makesafe);
}
return $makesafe;
}
//==================================================
// Strips Dangerous tags out of get and post values
//==================================================
function parseurl($makesafe) {
$makesafe=strip_tags($makesafe); // strip away any dangerous tags
$makesafe=str_replace(" ","",$makesafe); // remove spaces from variables
$makesafe=str_replace("%20","",$makesafe); // remove escaped spaces
$makesafe = trim(preg_replace('/[^\x09\x0A\x0D\x20-\x7F]/e', '"&#".ord($0).";"', $makesafe)); //encodes all ascii items above #127
// Stripslashes
if (get_magic_quotes_gpc()) {
$makesafe = stripslashes($makesafe);
}
// Quote if not integer
if (!is_numeric($value)) {
$makesafe = mysql_real_escape_string($makesafe);
}
return $makesafe;
}
}
// Use As Below
$Safe = new FTSMakeSafe;
echo $Safe->keepsafe($str);
echo $Safe->keeptasafe($str);
echo $Safe->parseurl($str);
?>
|
|
|
|
|
|
|
if (!is_numeric($value)) {
$makesafe = mysql_real_escape_string($makesafe);
}
Where is $value defined? :S
|
|
|
|
|
|
|
very good point... lol... i got that from another one of my scripts must remember to change that lol
no wonder why it never worked lol
|
|
|
|
|
