alpha1
6/6/2012 - 7:32 PM

Escaping function

escapeAndEvade() below is a single-pass input filter: it drops a character class chosen by the caller, strips HTML tags against an allow-list, optionally removes whitespace, and validates the result as a datatype. Note that it filters for HTML output only — SQL escaping belongs at the query (prepared statements), not in this function.

<?php
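/**
 * Filter one untrusted form value (typically a $_POST field).
 *
 * Pipeline, in order: reject non-scalar / empty input, delete the character
 * class selected by $removed, nl2br(), strip_tags() against the $allowed
 * profile, strip every attribute from the tags that survive, optionally
 * remove all whitespace, then validate the result as $datatype.
 *
 * @param mixed  $input      Raw value. Arrays (input[]=x) are rejected as invalid.
 * @param bool   $required   When true an empty value yields "Input left empty".
 * @param string $datatype   int|string|float|bool|email; anything else is invalid.
 * @param string $removed    num|alpha|sym|alphasym|numsym|none - class to delete.
 * @param string $allowed    formatting|posting|none - HTML tag allow-list profile.
 * @param bool   $whitespace When true every whitespace character is removed.
 * @return string The trimmed filtered value, or one of the literal messages
 *                "Input is invalid" / "Input left empty", or "" when an
 *                optional field is empty.
 *
 * NOTE(security): the result is NOT escaped for SQL. Bind it with a prepared
 * statement (PDO / mysqli) at the query; never concatenate it into SQL. The
 * previous addslashes()/mysql_real_escape_string() step was dropped because
 * the mysql_real_escape_string() return value was discarded (so nothing was
 * actually escaped), addslashes() double-escaped under magic quotes, and both
 * get_magic_quotes_gpc() and the mysql_* extension no longer exist in PHP 7/8.
 * Likewise strip_tags() does not HTML-encode, so callers must still
 * htmlspecialchars() the value for the context they emit it into.
 */
function escapeAndEvade($input, $required, $datatype, $removed, $allowed, $whitespace)
{
    // A form field named input[] arrives as an array; preg_replace()/strip_tags()
    // would warn or throw on it, so refuse it instead of treating it as text.
    if ($input !== null && !is_scalar($input)) {
        return 'Input is invalid';
    }
    $input = $input === null ? '' : (string) $input;

    if ($input === '') {
        return $required ? 'Input left empty' : '';
    }

    // Tag allow-list for strip_tags(). The original lists had "<h5<h6>" (missing
    // ">"), which made strip_tags() mis-parse the entry; fixed here.
    switch ($allowed) {
        case 'formatting':
            $allowedTags = '<h1><h2><h3><h4><h5><h6><br><b><i><strong><em><del><cite><code><pre><s><blockquote><ins><p><q>';
            break;
        case 'posting':
            $allowedTags = '<h1><h2><h3><h4><h5><h6><br><b><i><strong><em><del><cite><code><pre><s><abbr><audio><video><bdi><blockquote><caption><embed><figure><figcaption><hgroup><hr><img><ins><ul><ol><li><mark><object><output><p><q><samp><small><span><sub><tr><td><table><tfoot><th><track><u><var><wbr><a>';
            break;
        case 'none':
        default:
            $allowedTags = '';
    }

    // Character-class removal. The hyphen is last in each class so it is a
    // literal: the original "\s-," was an invalid range that PCRE2 (PHP >= 7.3)
    // rejects, making preg_replace() return null. "alpha" previously also
    // deleted "*", which its comment did not intend.
    $removePattern = [
        'num'      => '/[0-9]/',
        'alpha'    => '/[a-zA-Z]/',
        'sym'      => '/[^a-zA-Z0-9\s,.-]/',
        'alphasym' => '/[^0-9\s,.-]/',
        'numsym'   => '/[^a-zA-Z\s,.-]/',
    ];
    if (isset($removePattern[$removed])) {
        $input = preg_replace($removePattern[$removed], '', $input);
    }

    $input = nl2br($input);
    $input = strip_tags($input, $allowedTags);

    // strip_tags() keeps attributes on allowed tags, so <b onmouseover=...> or
    // <a href="javascript:..."> would survive and execute. Deny by default and
    // keep only the bare tag name. This also removes href/src; if links or
    // images must keep them, use a real HTML sanitizer instead of this function.
    if ($allowedTags !== '') {
        $input = preg_replace('/<([a-zA-Z][a-zA-Z0-9]*)\b[^>]*>/', '<$1>', $input);
    }

    // The original pattern "[\s]" only worked because "[" "]" happened to be
    // valid PCRE delimiters; spell the delimiters out.
    if ($whitespace) {
        $input = preg_replace('/\s+/', '', $input);
    }

    // Validate with filter_var() instead of "cast, then loosely compare": the
    // old check let "12abc" pass as int on PHP 7 and any non-empty string pass
    // as bool, and the email check only looked for "@" and ".".
    switch ($datatype) {
        case 'string':
            $valid = true;
            break;
        case 'int':
            $valid = filter_var($input, FILTER_VALIDATE_INT) !== false;
            break;
        case 'float':
            $valid = filter_var($input, FILTER_VALIDATE_FLOAT) !== false;
            break;
        case 'bool':
            $valid = filter_var($input, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) !== null;
            break;
        case 'email':
            $valid = filter_var($input, FILTER_VALIDATE_EMAIL) !== false;
            break;
        default:
            $valid = false;
    }

    // No var_dump() here: it leaked the filtered value into every response.
    return $valid ? trim($input) : 'Input is invalid';
}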

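// Demo driver: filter the posted value as a required plain string with no
// character-class removal, no allowed tags and whitespace preserved.
if (isset($_POST['submit'])) {
    // A missing field would raise a notice; treat it as an empty submission.
    $input = isset($_POST['input']) ? $_POST['input'] : null;
    echo '$input, $required, $datatype, $removed, $allowed, $whitespace<br>';
    echo "Input, true/false, string, NONE, NONE, true/false" . "\n<br>";
    // escapeAndEvade() strips tags but does not HTML-encode, so escape for the
    // HTML body context at the point of output.
    $filtered = escapeAndEvade($input, true, "string", "none", "none", false);
    echo htmlspecialchars($filtered, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Other call profiles sketched by the original author:
    // address: escapeAndEvade($input, true, "string", "sym", "none", false);
    // names:   escapeAndEvade($input, true, "string", "num", "none", false);
    // zip:     escapeAndEvade($input, true, "string", "alpha", "none", true);
    // email:   escapeAndEvade($input, true, "email", "none", "none", true);
}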
// Reminder: an earlier draft called mysql_real_escape_string() on the filtered value
// (and discarded its return value). Escaping for the database belongs at the query,
// via prepared statements, not in the input filter.
?>
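<!-- Demo form posting back to this page. It carries no CSRF token; add one
     before reusing it in an authenticated context. -->
<form method="post" action="">
<input type="text" name="input" value="">
<input type="submit" name="submit" value="Escape">
</form>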