xisto Community
shadowx

How Good Is This Data Cleaning Function?


Hi all, this is my first function, as part of a script, and I just want to know a couple of things.

Here is the code for the function:

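<?php
// Strip backslashes, then HTML/PHP tags, then encode what is left as HTML entities.
function clean($dirty_string) {
    $muddy_string = stripslashes($dirty_string);
    $murky_string = strip_tags($muddy_string);
    $clean_string = htmlentities($murky_string);
    return $clean_string; // the posted version computed this value but never returned it
}
?>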

So the first thing is: how secure is it? The script this will be used in connects to a database and sends an email, so it needs to stop SQL injections and any email abuse it might cause. Also, the data stored in the database will be used as part of an HTML page, so it needs to be HTML-proof, which is why I used HTMLENTITIES, and of course STRIP_TAGS gets rid of PHP and HTML, so it was a good choice, I thought.

That is all really! If it's not that secure, then are there any other built-in functions I could add?

Thanks


It is pretty good, I just have a couple of quick suggestions to add. First of all, why are you wasting memory on the server with all of those useless variables? Even though it's temporary while your page is loading. Normally for code this short it wouldn't matter, but since it's a function that will be included in other pages, the object of it is to be fast and effective. The faster and more effective it is, the better the function is.

Also, I assume the reason you have htmlentities after strip_tags is to parse '<' and '>' that are not in tag format? (For example an arrow: -->.) If you are doing this, why do you also strip_tags? Is it important to completely eliminate tags that are in HTML format? Why not just keep them in there and just parse them into &gt; and &lt;?

Also, I would think that add_slashes would make it more secure than strip_slashes. This would escape out quotes, and would also escape out any backslashes that strip_slashes would remove, rendering them useless.

Edited by alex7h3pr0gr4m3r (see edit history)
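
An added example, not part of either post: the three destinations named in the question (database, HTML page, email) handled separately, each with the mechanism built for that context, instead of one shared cleaning function. The function names, the `comments` table and the sample input are assumptions made for illustration, and the script assumes the `pdo_sqlite` extension is available.

```php
<?php
// Added example: one handler per output context.
// All names, the table layout and the sample input are constructed.

// SQL context: bound parameters keep the data out of the query text.
function save_comment(PDO $db, string $name, string $body): void {
    $stmt = $db->prepare('INSERT INTO comments (name, body) VALUES (:name, :body)');
    $stmt->execute([':name' => $name, ':body' => $body]);
}

// HTML context: store the raw value, encode it at the moment it is printed.
function html_out(string $raw): string {
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Email header context: a CR or LF would let a value start a new header line.
function header_value(string $raw): string {
    if (preg_match('/[\r\n]/', $raw)) {
        throw new InvalidArgumentException('line break in header value');
    }
    return $raw;
}

// Sender address: check the syntax first, then apply the header check.
function sender_address(string $raw): string {
    $addr = filter_var($raw, FILTER_VALIDATE_EMAIL);
    if ($addr === false) {
        throw new InvalidArgumentException('invalid email address');
    }
    return header_value($addr);
}

// Constructed sample run against an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (name TEXT, body TEXT)');

save_comment($db, "O'Brien", 'x --> y <b>bold</b>');
$row = $db->query('SELECT name, body FROM comments')->fetch(PDO::FETCH_ASSOC);
echo html_out($row['name']), ': ', html_out($row['body']), "\n";

try {
    header_value("Hi\r\nX-Extra: 1"); // subject carrying a line break
} catch (InvalidArgumentException $e) {
    echo 'rejected subject: ', $e->getMessage(), "\n";
}
echo 'sender ok: ', sender_address('user@example.com'), "\n";
```

The quote in the name reaches the database unchanged because it travels as a bound parameter, and the arrow and tag characters are encoded only when the row is written into the page.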

