inc/secure.php


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

<?php
//soll dein funktion entahlten die alle �bergebenen parameter �berpr�ft
//'`'" 
  
foreach ($_GET as $k => $v) 
{	
  	$v = htmlspecialchars($v);
//echo "$v<br>";
	$v = mysql_escape_string($v);
//echo "$v<br>";
//	$v = htmlentities($v);
//echo "$v<br>";
//    if (preg_match('/([\'"`\'])/', $v, $match)) 
	if (preg_match('/([\"`])/', $v, $match)) 
	{
		print "sorry get has illegal char '$match[1]'";
		exit;
	}
	$$k = $v;
}
  
foreach ($_POST as $k => $v) 
{
  	$v = htmlspecialchars($v);
//echo "$v<br>";
	$v = mysql_escape_string($v);
//echo "$v<br>";
//	$v = htmlentities($v);
//echo "$v<br>";
	if (preg_match('/([\'"`\'])/', $v, $match)) {
		print "sorry post has illegal char '$match[1]'";
		exit;
	}
	$$k = $v;
}

?>