I have these two functions that are used to sanitize data going into my database as well as format it for output.
I have tested them with strings like "c:\r\new\" to verify that lines aren't messed up.
These may be helpful to someone else, but please let me know if there are problems with them.
I have tested them with strings like "c:\r\new\" to verify that lines aren't messed up.
These may be helpful to someone else, but please let me know if there are problems with them.
Code:
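/**
 * Prepares a value for insertion into a MySQL database through the legacy
 * mysql_* extension.
 *
 * Arrays are walked recursively; only the values are processed, the keys are
 * returned exactly as they were received. For every non-array value the
 * function, in this order:
 *   1. trims leading and trailing whitespace,
 *   2. HTML-encodes it, including both double and single quotes,
 *   3. normalises \r\n, \r and \n to the literal marker "<newline>",
 *   4. escapes the result with mysql_real_escape_string().
 *
 * Security notes for callers:
 *  - mysql_real_escape_string() only protects a value that ends up inside a
 *    quoted string literal ('...') in the query. A value interpolated
 *    unquoted (numeric context, column or table names, LIMIT, ORDER BY) is
 *    not made safe by this function.
 *  - The escaping takes the connection character set into account, so the
 *    link must already be open and its charset set with mysql_set_charset().
 *  - The mysql_* extension was removed in PHP 7.0; parameterised queries
 *    (PDO or mysqli prepared statements) are the robust replacement.
 *  - Because HTML encoding happens here, the database holds HTML-encoded
 *    text. That text is only suitable for an HTML body or quoted attribute
 *    context when it is later printed.
 *
 * @param mixed $input Scalar value or (nested) array of values to be cleaned
 * @return mixed The cleaned value, with the same array structure as $input
 */
function sanitize($input)
{
    if (is_array($input)) {
        foreach ($input as $key => $val) {
            // Keys are left untouched; never build SQL from them.
            $input[$key] = sanitize($val);
        }
        return $input;
    }

    $input = trim($input);

    // ENT_QUOTES is passed explicitly: the default flags changed between PHP
    // versions, and on every release that still ships mysql_* the default
    // left single quotes unencoded, which breaks out of '...' attributes.
    $input = htmlentities($input, ENT_QUOTES);

    // Collapse every newline convention into one marker. str_replace()
    // applies the search strings in order, so "\r\n" is consumed as a pair
    // before the lone "\r" and "\n" are handled.
    $input = str_replace(array("\r\n", "\r", "\n"), "<newline>", $input);

    return mysql_real_escape_string($input);
}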
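/**
 * Formats data that went through sanitize() so it can be displayed.
 *
 * Arrays are walked recursively. For every non-array value the "<newline>"
 * marker is replaced by $breaks followed by "\n", and stripslashes() is then
 * applied to the result.
 *
 * No HTML encoding is performed here, so the output is only as safe as the
 * encoding that was applied before the value was stored. $breaks is emitted
 * verbatim into the output and must be a fixed, developer-chosen string,
 * never a value taken from the request.
 *
 * @param mixed  $str    Value or (nested) array of values to be formatted
 * @param string $breaks Markup that replaces each stored newline (e.g. '<br />')
 * @return mixed The formatted value, with the same array structure as $str
 */
function fout($str, $breaks = "<br />")
{
    if (is_array($str)) {
        foreach ($str as $key => $val) {
            // Recurse through fout() itself. The original called format_out(),
            // a name that is not defined alongside this function, so any
            // array argument ended in an undefined-function error.
            $str[$key] = fout($val, $breaks);
        }
        return $str;
    }

    $str = str_replace("<newline>", $breaks . "\n", $str);

    // NOTE(review): MySQL consumes the escaping added by
    // mysql_real_escape_string() when the row is stored, so a value read back
    // from the database presumably carries only its genuine backslashes and
    // stripslashes() would remove those too (e.g. in Windows paths). Confirm
    // whether this call is still needed, e.g. because magic quotes are on.
    return stripslashes($str);
}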