function secure_string($unsafe_string, $max_length) { if(!is_int($max_length)) error("Variable max_length is not an integer." );
if (strlen($unsafe_string) > $max_length) error("Too many characters."); }
I want the $max_length to be optional. With your solution it isn't? I thought I could make it optional by assigning a default value of -1, which would tell the function not to bother with max_length and continue the execution.
All in all my function looks like this (crossing my fingers and hopes that linewrap works this time):
function secure_string($unsafe_string, $max_length = -1, $errormessage = "Du har skrivit för många tecken.")
{
// verify that string isn't longer then $max_length, if $max_length is set
if ($max_length > -1)
{
if (!is_int($max_length))
{
error("Variabeln max_length är inte en siffra.");
}
if (strlen($unsafe_string) > $max_length)
{
error($errormessage);
}
}
// create array containing bad words
$badwords = array(";","--","select","drop","insert","xp_","delete");
$goodwords = array(":","-","choose","leave","add"," ","remove");
// check for occurences of $badwords
for($i=0; $i<7; $i++)
{
$unsafe_string = str_replace("$badwords[$i]", "$goodwords[$i]","$unsafe_string");
}
$unsafe_string = AddSlashes($unsafe_string);
$unsafe_string = htmlentities($unsafe_string);
$unsafe_string = strip_tags($unsafe_string);
$unsafe_string = trim($unsafe_string);
Return $unsafe_string;
}
Are the last steps (AddSlashes through trim) overkill? I want to make it safe for mysql.
-- anders thoresson
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
