Static Image - Get Adobe Flash Player
$max))) return FALSE; return $string; } // sanitize a string in prep for passing a single argument to system() (or similar) function system_string($string, $min='', $max='') { $pattern = '/(;|\||`|>|<|&|^|"|'."\n|\r|'".'|{|}|[|]|\)|\()/i'; // no piping, passing possible environment variables ($), // seperate commands, nested execution, file redirection, // background processing, special commands (backspace, etc.), quotes // newlines, or some other special characters $string = preg_replace($pattern, '', $string); $string = preg_replace('/\$/', '\\\$', $string); //make sure this is only interpretted as ONE argument $len = strlen($string); if((($min != '') && ($len < $min)) || (($max != '') && ($len > $max))) return FALSE; return $string; } // sanitize a string for SQL input (simple slash out quotes and slashes) function sql_string($string, $min='', $max='') { $pattern[0] = '/(\\\\)/'; $pattern[1] = "/\"/"; $pattern[2] = "/'/"; $replacement[0] = '\\\\\\'; $replacement[1] = '\"'; $replacement[2] = "\\'"; $len = strlen($string); if((($min != '') && ($len < $min)) || (($max != '') && ($len > $max))) return FALSE; return preg_replace($pattern, $replacement, $string); } // sanitize a string for SQL input (simple slash out quotes and slashes) function ldap_string($string, $min='', $max='') { $pattern = '/(\)|\(|\||&)/'; $len = strlen($string); if((($min != '') && ($len < $min)) || (($max != '') && ($len > $max))) return FALSE; return preg_replace($pattern, '', $string); } // sanitize a string for HTML (make sure nothing gets interpretted!) function html_string($string) { $pattern[0] = '/\&/'; $pattern[1] = '//"; $pattern[3] = '/\n/'; $pattern[4] = '/"/'; $pattern[5] = "/'/"; $pattern[6] = "/%/"; $pattern[7] = '/\(/'; $pattern[8] = '/\)/'; $pattern[9] = '/\+/'; $pattern[10] = '/-/'; $replacement[0] = '&'; $replacement[1] = '<'; $replacement[2] = '>'; $replacement[3] = '
'; $replacement[4] = '"'; $replacement[5] = '''; $replacement[6] = '%'; $replacement[7] = '('; $replacement[8] = ')'; $replacement[9] = '+'; $replacement[10] = '-'; return preg_replace($pattern, $replacement, $string); } // make int int! function int($integer, $min='', $max='') { $int = intval($integer); if((($min != '') && ($int < $min)) || (($max != '') && ($int > $max))) return FALSE; return $int; } // make float float! function float($float, $min='', $max='') { $float = floatval($float); if((($min != '') && ($float < $min)) || (($max != '') && ($float > $max))) return FALSE; return $float; } // glue together all the other functions function gosanitize($input, $flags, $min='', $max='') { if($flags & UTF8) $input = $this->my_utf8_decode($input); if($flags & PARANOID) $input = $this->paranoid_string($input, $min, $max); if($flags & INT) $input = $this->int($input, $min, $max); if($flags & FLOAT) $input = $this->float($input, $min, $max); if($flags & HTML) $input = $this->html_string($input, $min, $max); if($flags & SQL) $input = $this->sql_string($input, $min, $max); if($flags & LDAP) $input = $this->ldap_string($input, $min, $max); if($flags & SYSTEM) $input = $this->system_string($input, $min, $max); return $input; } } ?>