- <?php
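/**
 * Trim one request value, optionally neutralise a fixed set of markup
 * characters, and escape the result with the global MySQLi connection.
 *
 * Security notes:
 *  - escape_string() only protects a value that ends up inside a quoted SQL
 *    string literal. It gives no protection in numeric or identifier
 *    positions; prepared statements with bound parameters are the safer
 *    default for new queries.
 *  - The entity substitution below covers seven characters only ("&" is not
 *    among them) and happens at input time. It is not a replacement for
 *    context-aware escaping (e.g. htmlspecialchars()) when the value is
 *    later written into a page.
 *
 * @param mixed $var  Raw value; null is treated as an empty string.
 * @param bool  $html When true, markup characters are left untouched.
 * @return string The value as returned by $db->escape_string().
 */
function clean_var($var=null, $html=false) {
    global $db;

    // Cast first so the null default never reaches stripslashes() (passing
    // null to string functions is deprecated since PHP 8.1).
    // NOTE(review): stripslashes() is kept for backward compatibility. It
    // removes backslashes the user legitimately typed; confirm it is still wanted.
    $var = trim(stripslashes((string) $var));

    if (!$html) {
        // NOTE(review): on the published page the replacement list was identical
        // to the search list and was not valid PHP; the entities appear to have
        // been decoded when the page was rendered. This map is a reconstruction.
        // strtr() substitutes in a single pass, so no output is re-scanned.
        $var = strtr($var, array(
            '%'  => '&#37;',
            '`'  => '&#96;',
            '*'  => '&#42;',
            '"'  => '&quot;',
            '\'' => '&#039;',
            '<'  => '&lt;',
            '>'  => '&gt;',
        ));
    }

    return $db->escape_string($var); // MySQLi escape
}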
/**
 * Apply clean_var() to a scalar, or to every leaf of a (nested) array.
 *
 * The argument is taken by reference, so the caller's variable is rewritten
 * in place; the cleaned value is also returned. Only values are passed to
 * clean_var(): array keys are left exactly as received.
 *
 * @param mixed $params Scalar or array to clean; modified in place.
 * @param bool  $html   Forwarded unchanged to clean_var().
 * @return mixed The cleaned scalar or array.
 */
function clean_params(&$params, $html=false) {
    // Leaf value: hand it to clean_var() and stop.
    if (!is_array($params)) {
        $params = clean_var($params, $html);
        return $params;
    }

    // Array: recurse into each element and store the cleaned result back.
    foreach ($params as $index => $item) {
        $params[$index] = clean_params($item, $html);
    }

    return $params;
}
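// Clean every POST field once. clean_params() takes its argument by reference,
// so $_POST itself is rewritten and the return value is the same cleaned array;
// the assignment can be dropped if only $_POST is used afterwards.
// Do not call it a second time on the same data: the next pass would run
// stripslashes() over values that have already been escaped.
$params = clean_params($_POST);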