Jump to content

Class Securing


Recommended Posts

Well, it depends how in depth you really want to go with your "Clean"ing class.

For just a general clean one function like you demonstrated. Then making it an objective is not really a smart idea.

Very useful if you want to do various cleans and checks on each and every string that get's passed through and passed out (remember to have an output function to remove those nasty </> tags and the \s).

Link to comment
Share on other sites

The class is currently doing nothing.

You should remove isset, htmlspecialchars and strip_tags.

A function like this would be much better, in my opinion.


function escape( $data ) {
if (is_null($data))
	return "NULL";

if (is_bool($data))
	return $data ? 1 : 0;

if (is_string($data))
	if (get_magic_quotes_gpc()) // alot of shared hosts still have magic quotes enabled.
		$data = stripslashes($data);

	return mysql_real_escape_string($data, [Database Link]);

return $data;


You should only really escape data going into the database, then use htmlspecialchars/htmlentities on output otherwise your going to-do it twice once going into the database and again on output. Which means using htmlspecialchars/htmlentities on input to the database, your going to have a lot more characters in the database. You can use strip_tags, but then again your users are going to wonder what is going on.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...