Miscellaneous Code

  Home arrow Miscellaneous Code arrow PHP Input Filter
MISCELLANEOUS CODE

PHP Input Filter
By: Codewalkers
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 5 stars5 stars5 stars5 stars5 stars / 5
    2005-03-19

    Table of Contents:

     
     

    SEARCH CODEWALKERS

    TOOLS YOU CAN USE

    advertisement
    Filter out unwanted PHP / Javascript / HTML tags.

    This class can filter input of stray or malicious PHP, Javascript or HTML tags and to prevent cross-site scripting (XSS) attacks. It should be used to filter input supplied by the user, such as an HTML code entered in form fields.

    I have tried to make this class as easy as possible to use. You have control over the filter process unlike other alternatives, and can input a string or an entire array to be cleaned (such as $_POST).

    By : animachine

    ** 1.2.0 features MUCH better XSS prevention **
    Interactive Demo:
    http://cyberai.com/inputfilter/

    Readme File:
    http://cyberai.com/inputfilter/readme.txt

    PHPClasses Project Page: (view files online)
    http://cyberai.users.phpclasses.org/browse/package/2189.html

    Freshmeat Project Page:
    http://freshmeat.net/projects/inputfilter/

    = = =

    Example usage using string input:

    <?php

    // include class file
    require("class.inputfilter.php");

    // setup user-defined arrays
    $tags = array("em", "br");
    $attributes = array("title", "selected");

    // create customised filter object
    $myFilter = new InputFilter($tags, $attributes, 0, 0); // more info on constructor in readme

    $before = 'I <em TITLE="some text" foo selected>hope</em> this <stron<strong>g>works</stron</strong>g>, <br>dont you?';
    $after = $myFilter->process($before);

    ?>

    $after: I <em TITLE="some text" selected="selected">hope</em> this works, <br />dont you?

    Click to Download File



    DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

    More Miscellaneous Code Articles
    More By Codewalkers

    blog comments powered by Disqus

    MISCELLANEOUS CODE ARTICLES

    - Creating a Web Page Controller with the HMVC...
    - Coding Controllers and Views for the HMVC De...
    - A Sample Web Application with the HMVC Desig...
    - Adding a Class to Parse Views to an HMVC Des...
    - Building a Model Class for the HMVC Design P...
    - Filtering Input Data and Generating HTML For...
    - The HMVC Design Pattern: Working with MySQL ...
    - Dispatching Requests to MVC Triads with the ...
    - Implementing the Hierarchical Model-View-Con...
    - A Web App Based on a Model for the CodeIgnit...
    - Completing a Model for the CodeIgniter PHP F...
    - Validating Input Data with the CodeIgniter P...
    - Deleting Database Records with the CodeIgnit...
    - Inserting Database Records with a CodeIgnite...
    - Fetching Database Rows with a Model for the ...


    © 2003-2012 by Developer Shed. All rights reserved. DS Cluster 3 - Follow our Sitemap