Below is a very simple and fast version of the php code used by me to remove/strip HTML and PHP tags from $_POST and $_GET array variable :
if (!empty($_POST)) : foreach ($_POST as $key => $value) { $_POST[$key] = addslashes(strip_tags($value)); } endif; if (!empty($_GET)) : foreach ($_GET as $key => $value) { $_GET[$key] = addslashes(strip_tags($value)); } endif;
Explanation of the functions used in the above code:
- strip_tags – tries to return a string with all HTML and PHP tags stripped from a given string. HTML comments and PHP tags are also stripped. This is hardcoded and can not be changed with allowable_tags
- addslashes – returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote (‘), double quote (“), backslash (\) and NUL (the NULL byte). It essentially runs addslashes() or mysql_real_escape_string() on all GET, POST, and COOKIE data.
Be First to Comment