blob: 687289fc09bd4d4005af732fb37d101d155d26d3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
<?php
//soll dein funktion entahlten die alle �bergebenen parameter �berpr�ft
//'`'"
if( $DEBUG)
echo "secure.php START<br>\n";
foreach ($_GET as $k => $v)
{
$v = htmlspecialchars($v);
$v = mysql_escape_string($v);
// $v = htmlentities($v);
if (preg_match('/([\'"`\'])/', $v, $match))
{
print "sorry get has illegal char '$match[1]'";
exit;
}
$_GET[$k] = $v;
if( $DEBUG)
echo "GET $k=\"$v\"<br>";
}
foreach ($_POST as $k => $v)
{
$v = htmlspecialchars($v);
$v = mysql_escape_string($v);
// $v = htmlentities($v);
if (preg_match('/([\'"`\'])/', $v, $match)) {
print "sorry post has illegal char '$match[1]'";
exit;
}
$_POST[$k] = $v;
if( $DEBUG)
echo "POST $k=\"$v\"<br>";
}
if( $DEBUG)
echo "secure.php END<br>\n";
?>
|
