Description: Data sanitizing function for cleaning out malicious code or characters from input data. Helps guard against cross-site scripting (XSS) attacks.
Language: PHP
Last Modified: March 16th, 2009
<?php
/* CLEANS AGAINST XSS
 *
 * NOTE all credit goes to codeigniter.com
 * @param string $str - string to check
 * @param string $charset - character set (default ISO-8859-1)
 * @return string|bool $value sanitized string
 */
function ft_xss($str, $charset = 'ISO-8859-1')
{
    /*
     * Remove Null Characters
     *
     * This prevents sandwiching null characters
     * between ASCII characters, like Java\0script.
     *
     */
    $str = preg_replace('/\0+/', '', $str);
    $str = preg_replace('/(\\\\0)+/', '', $str);

    /*
     * Validate standard character entities
     *
     * Add a semicolon if missing. We do this to enable
     * the conversion of entities to ASCII later.
     *
     */
    $str = preg_replace('#(&\#*\w+)[\x00-\x20]+;#u', "\\1;", $str);

    /*
     * Validate UTF16 two byte encoding (x00)
     *
     * Just as above, adds a semicolon if missing.
     *
     */
    $str = preg_replace('#(&\#x*)([0-9A-F]+);*#iu', "\\1\\2;", $str);

    /*
     * URL Decode
     *
     * Just in case stuff like this is submitted:
     *
     * <a href="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">Google</a>
     *
     * Note: Normally urldecode() would be easier but it removes plus signs
     *
     */
    $str = preg_replace("/%u0([a-z0-9]{3})/i","
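The listing above is cut off at the URL-decode step. As an added example (not CodeIgniter's code and not part of the original snippet), the script below runs the null-removal and entity clean-up patterns shown above on constructed inputs and compares a simple keyword check before and after normalization. The names normalize_input() and has_js_scheme() are hypothetical, and html_entity_decode() is an assumed stand-in for the later entity conversion the comments mention.

```php
<?php
// Added example: normalise first, then inspect. All sample inputs are constructed.

// Applies the clean-up patterns visible on the page, then decodes entities.
// Returns null when PCRE rejects the input (the /u patterns need valid UTF-8).
function normalize_input(string $str): ?string
{
    // Remove NUL bytes and literal "\0" sequences.
    $str = preg_replace('/\0+/', '', $str);
    $str = preg_replace('/(\\\\0)+/', '', $str);

    // Entity clean-up: drop whitespace before ';', then add a missing ';'.
    $patterns = [
        '#(&\#*\w+)[\x00-\x20]+;#u' => '\\1;',
        '#(&\#x*)([0-9A-F]+);*#iu'  => '\\1\\2;',
    ];
    foreach ($patterns as $regex => $replacement) {
        $str = preg_replace($regex, $replacement, $str);
        if ($str === null) {
            return null; // e.g. preg_last_error() === PREG_BAD_UTF8_ERROR
        }
    }

    // Assumption: stands in for the entity-to-character step that follows.
    return html_entity_decode($str, ENT_QUOTES, 'UTF-8');
}

// A simple keyword check of the kind normalisation is meant to support.
function has_js_scheme(string $s): bool
{
    return stripos($s, 'javascript:') !== false;
}

$samples = [
    'NUL byte'       => "java\0script:",
    'literal \0'     => 'java\0script:',
    'no semicolon'   => 'jav&#97script:',
    'space before ;' => 'jav&#97 ;script:',
    'invalid UTF-8'  => "caf\xE9",
];

foreach ($samples as $label => $raw) {
    $clean  = normalize_input($raw);
    $before = var_export(has_js_scheme($raw), true);
    $after  = $clean === null ? 'rejected' : var_export(has_js_scheme($clean), true);
    printf("%-15s before=%-6s after=%s\n", $label, $before, $after);
}
```

The last sample is a single ISO-8859-1 byte: preg_replace() returns null for it because of the /u modifier, so code that keeps the snippet's default ISO-8859-1 charset should check for that result instead of passing null on to the next step.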