summaryrefslogtreecommitdiff
path: root/inc/secure.php
diff options
context:
space:
mode:
Diffstat (limited to 'inc/secure.php')
-rwxr-xr-xinc/secure.php37
1 files changed, 37 insertions, 0 deletions
diff --git a/inc/secure.php b/inc/secure.php
new file mode 100755
index 00000000..99d646d2
--- /dev/null
+++ b/inc/secure.php
@@ -0,0 +1,37 @@
+<?php
+//soll dein funktion entahlten die alle übergebenen parameter überprüft
+//'`'"
+
+foreach ($_GET as $k => $v)
+{
+ $v = htmlspecialchars($v);
+//echo "$v<br>";
+ $v = mysql_escape_string($v);
+//echo "$v<br>";
+// $v = htmlentities($v);
+//echo "$v<br>";
+// if (preg_match('/([\'"`\'])/', $v, $match))
+ if (preg_match('/([\"`])/', $v, $match))
+ {
+ print "sorry get has illegal char '$match[1]'";
+ exit;
+ }
+ $$k = $v;
+}
+
+foreach ($_POST as $k => $v)
+{
+ $v = htmlspecialchars($v);
+//echo "$v<br>";
+ $v = mysql_escape_string($v);
+//echo "$v<br>";
+// $v = htmlentities($v);
+//echo "$v<br>";
+ if (preg_match('/([\'"`\'])/', $v, $match)) {
+ print "sorry post has illegal char '$match[1]'";
+ exit;
+ }
+ $$k = $v;
+}
+
+?>