This function is useful for cleaning input coming in from a form made public on your site. A good example of which is the comments section I have on a lot of my pages on this site. This function helps with some basic filtering to counter attempted SQL and HTML injections by replacing certain symbols with their associated HTML codes.
This works well because the characters will still display the same in the browser, but any attempt to insert SQL or HTML into a form field which is subjected to this function will not work.
<?php
function clean_input($string)
{
$replace = array("<", ">", "'", '"');
$with = array("<", ">", "'", """);
$string = str_replace($replace, $with, $string);
$string = trim($string);
return $string;
}
?>
Comments (0)
+ –