
Untitled

a guest
Jul 28th, 2016
  1. <?php
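  /**
   * Normalise a single request value before it is used in a query.
   *
   * Steps, in order: strip backslashes, trim surrounding whitespace, optionally
   * replace a fixed set of characters with HTML entities, then escape the result
   * through the global $db handle (a MySQLi connection, per the original comment).
   *
   * Security notes for callers:
   *  - The return value is only safe inside a quoted SQL string literal ('...')
   *    sent over the same connection. escape_string() gives no protection for
   *    unquoted numbers, identifiers or ORDER BY / LIMIT fragments, and it relies
   *    on the connection charset being set correctly. Prepared statements with
   *    bound parameters remove that whole class of mistakes.
   *  - The entity replacement runs at input time and covers only seven characters
   *    ('&' is not among them). It is not a substitute for encoding at output time
   *    for the context the value is printed into (HTML body, attribute, JS, URL).
   *  - With $html = true nothing is entity-encoded: the stored value is raw markup
   *    and must be filtered or encoded wherever it is rendered.
   *
   * @param mixed $var  Raw value; null (the default) is treated as an empty string.
   * @param bool  $html When true, skip the entity replacement and keep markup as typed.
   * @return string     Value escaped by $db->escape_string().
   */
  function clean_var($var=null, $html=false) {
      global $db;

      // null is the declared default, so handle it explicitly rather than handing
      // null to the string functions below (deprecated since PHP 8.1).
      if ($var === null) {
          $var = '';
      }

      // NOTE(review): stripslashes() is applied unconditionally. It only undoes
      // magic-quotes style escaping; on input that was never slash-escaped it
      // silently deletes backslashes the user typed - confirm this is intended.
      $var = trim(stripslashes($var));

      if (!$html) {
          // None of the replacement strings contains a character from the key set,
          // so a single strtr() pass gives the same result as chained replacements.
          $entities = array(
              '%'  => '&#37;',
              '`'  => '&#96;',
              '*'  => '&#42;',
              '"'  => '&quot;',
              '\'' => '&apos;',
              '<'  => '&lt;',
              '>'  => '&gt;',
          );
          $var = strtr($var, $entities);
      }

      return $db->escape_string($var); // MySQLi escape
  }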
  15.  
  /**
   * Recursively apply clean_var() to a scalar or to every value of a (nested) array.
   *
   * $params is taken by reference: the caller's variable is overwritten with the
   * cleaned data and the same data is also returned.
   *
   * Only array VALUES are cleaned. Array keys are passed through untouched, so
   * keys of a request array are still raw client input and must not be placed
   * into SQL or markup on the strength of this call.
   *
   * @param mixed $params Scalar or array to clean (modified in place).
   * @param bool  $html   Forwarded to clean_var() for every leaf value.
   * @return mixed        The cleaned scalar or array.
   */
  function clean_params(&$params, $html=false) {
      // Leaf value: clean it and stop recursing.
      if (!is_array($params)) {
          $params = clean_var($params, $html);
          return $params;
      }

      // Array: descend into each element and write the cleaned result back
      // under the same key.
      foreach ($params as $name => $item) {
          $params[$name] = clean_params($item, $html);
      }

      return $params;
  }
  25.  
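  // clean_params() takes its argument by reference, so this one call rewrites
  // $_POST in place AND returns the cleaned copy. When the return value is not
  // needed, a bare `clean_params($_POST);` does the same in-place work.
  //
  // Run it once per request only: clean_var() is not idempotent, because its
  // stripslashes() step removes the backslashes that escape_string() added on
  // the previous pass, so a second pass over the same data corrupts it.
  //
  // The cleaned values are suitable only inside quoted SQL string literals;
  // array keys of $_POST are not cleaned at all.
  $params = clean_params($_POST);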