01-01-2008, 12:43 AM
#4
phpintheusa

I mixed yours (from your blog) and mine; I like this:

Code:
function clean($value) {
	// I clean the string up when my function is called.
	$search = array('javascript:',  
	                'document.location', 
	                'vbscript:', 
	                '<marquee', 
	                '<script', 
	                '?php'); 
	// str_ireplace matches regardless of case, so 'JavaScript:' is replaced too
	$value = str_ireplace($search, '_', $value); 
	$value = mysql_real_escape_string(strip_tags(trim($value)));
	return $value;
}
function vdata($value) {
	if (get_magic_quotes_gpc()) {
		//if the dope has magic quotes on, strip them
		$value = stripslashes($value);
	}
	if (!is_numeric($value) || $value[0] == '0') {
		// now do the cleaning
		$value = clean($value);
	}
	return $value;
}
Then just call like this:

Code:
$value = vdata($_POST['value']);
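
For comparison with the combined clean()/vdata() filter in the post above, here is an added example (not part of the original post) that handles each context separately: bound parameters for SQL, and encoding when the value is written into HTML. The table, column and sample inputs are constructed, and it assumes PHP 7+ with the pdo_sqlite extension so it runs offline.

```php
<?php
// Added example, not the poster's code. Table name, column name and the
// sample inputs are constructed for illustration.
// Assumes PHP 7+ with the pdo_sqlite extension (in-memory DB, runs offline).

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

// SQL context: bound parameters keep user data out of the statement text,
// so no escaping function or magic-quotes handling is needed.
function save_comment(PDO $db, string $body): int {
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => trim($body)]);
    return (int) $db->lastInsertId();
}

function load_comment(PDO $db, int $id): string {
    $stmt = $db->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// HTML context: encode at output time, not before storage.
function html(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs: quotes, markup, a phrase from the $search list, and a
// numeric string with a leading zero.
$samples = [
    "O'Brien wrote a note",
    'See document.location in the DOM docs',
    '<b>bold</b> and "quoted"',
    '007',
];

foreach ($samples as $input) {
    $id     = save_comment($db, $input);
    $stored = load_comment($db, $id);
    // The database holds exactly what was typed (after trim).
    if ($stored !== trim($input)) {
        throw new RuntimeException('round trip changed the value');
    }
    echo html($stored), PHP_EOL; // markup and quotes come out as entities
}
```

With this split, harmless text that happens to contain a phrase from the `$search` list is stored unchanged instead of being replaced with `_`.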