diff options
author | cookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8> | 2005-09-10 17:25:43 +0000 |
---|---|---|
committer | cookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8> | 2005-09-10 17:25:43 +0000 |
commit | 310c2ce98fc8c0e94559c9ed8587101d92f6e853 (patch) | |
tree | 7093065a133e434fb7e551803e8700661d04c5bb /inc/secure.php |
add total system
git-svn-id: svn://svn.cccv.de/engel-system@1 29ba0400-6e00-0410-a75a-ca02368028f8
Diffstat (limited to 'inc/secure.php')
-rwxr-xr-x | inc/secure.php | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/inc/secure.php b/inc/secure.php new file mode 100755 index 00000000..99d646d2 --- /dev/null +++ b/inc/secure.php @@ -0,0 +1,37 @@ +<?php +//soll dein funktion entahlten die alle übergebenen parameter überprüft +//'`'" + +foreach ($_GET as $k => $v) +{ + $v = htmlspecialchars($v); +//echo "$v<br>"; + $v = mysql_escape_string($v); +//echo "$v<br>"; +// $v = htmlentities($v); +//echo "$v<br>"; +// if (preg_match('/([\'"`\'])/', $v, $match)) + if (preg_match('/([\"`])/', $v, $match)) + { + print "sorry get has illegal char '$match[1]'"; + exit; + } + $$k = $v; +} + +foreach ($_POST as $k => $v) +{ + $v = htmlspecialchars($v); +//echo "$v<br>"; + $v = mysql_escape_string($v); +//echo "$v<br>"; +// $v = htmlentities($v); +//echo "$v<br>"; + if (preg_match('/([\'"`\'])/', $v, $match)) { + print "sorry post has illegal char '$match[1]'"; + exit; + } + $$k = $v; +} + +?> |