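/**
 * Normalise a request value according to one of the GLOBAL_AI_* flags.
 *
 * Two passes are applied: (1) a case-insensitive blacklist of SQL / comment
 * tokens is stripped until nothing changes any more; (2) the character
 * whitelist selected by $flag is enforced.
 *
 * The blacklist is NOT a defence against SQL injection: "like", "update",
 * "limit", "//" ... are ordinary words (or parts of URLs) and get deleted from
 * legitimate text, while a filter that knows nothing about the query it ends
 * up in cannot reason about context. Queries must still be built with
 * prepared statements; treat this function as input normalisation only.
 *
 * The accented ranges are written as \x{C0}-\x{FF} instead of the literal
 * "À-ÿ" so the patterns no longer depend on the encoding this file is saved
 * in (in a UTF-8 file the literal form is a byte range, and for the TEXT
 * class an out-of-order one, so preg_replace() returned NULL). When $var is
 * valid UTF-8 the pattern runs in /u mode and the range means the Latin-1
 * accented letters U+00C0..U+00FF; otherwise it runs byte-wise, which is the
 * ISO-8859-1 behaviour the original code assumed.
 *
 * @param string     $var  raw value, typically straight from $_GET/$_POST
 * @param string|int $flag one of GLOBAL_AI_ALPHANUM, GLOBAL_AI_TEXT,
 *                         GLOBAL_AI_NUMERIC, GLOBAL_AI_PASSWORD, GLOBAL_AI_NOPREG
 * @return string|null filtered value; NULL (after echoing a developer error)
 *                     when $flag is unknown, or when the regex engine fails
 */
function anti_injection($var, $flag)
{
    // Pass 1: strip blacklisted SQL fragments. Loop to a fixed point, because
    // one str_ireplace() pass can itself produce a banned token
    // ("selselectect" -> "select"). Only strings are scanned so that ints and
    // NULL pass through untouched, as before.
    $banlist = array(
        'exec', 'master_xp', '--', '//', 'shutdown', '/*', '*/', 'PHPSESSID',
        'insert', 'select', 'update', 'delete', 'distinct', 'having', 'truncate',
        'replace', 'handler', 'like', 'procedure', 'limit', 'order by', 'group by',
    );
    if (is_string($var)) {
        $stripped = false;
        do {
            $before = $var;
            $var = str_ireplace($banlist, '', $var);
            if ($var !== $before) {
                $stripped = true;
            }
        } while ($var !== $before);
        // Trim only when something was removed: an untouched value keeps its
        // surrounding whitespace, exactly as the original did.
        if ($stripped) {
            $var = trim($var);
        }
    }

    // Pass 2: keep only the characters allowed by $flag.
    // The /u modifier is added only when the subject is valid UTF-8; on a
    // malformed sequence /u would make preg_replace() return NULL.
    $accents = (is_string($var) && preg_match('//u', $var) === 1) ? 'u' : '';
    $pattern = null;
    $replacement = '';
    if (strcmp($flag, GLOBAL_AI_ALPHANUM) === 0) {
        // allowed: alphanumerics + Latin-1 accented letters
        $pattern = '/[^a-zA-Z0-9\x{C0}-\x{FF}]/' . $accents;
    } elseif (strcmp($flag, GLOBAL_AI_TEXT) === 0) {
        // allowed: alphanumerics, accents, _ - ' " & @ ( ) : = / , the
        // punctuation .,;!? and <space>; anything else becomes a space
        $pattern = '/[^_a-zA-Z0-9\x{C0}-\x{FF}\-\'"\.,;!?&():@=\/ ]/' . $accents;
        $replacement = ' ';
    } elseif (strcmp($flag, GLOBAL_AI_NUMERIC) === 0) {
        // allowed: digits only
        $pattern = '/[^0-9]/';
    } elseif (strcmp($flag, GLOBAL_AI_PASSWORD) === 0) {
        // allowed: alphanumerics and _ - . & = @ $
        $pattern = '/[^_A-Za-z0-9\-\.&=@$]/';
    } elseif (strcmp($flag, GLOBAL_AI_NOPREG) === 0) {
        // caller explicitly asked for no character filtering
    } else {
        // Developer error (unknown flag). $var is request data echoed into an
        // HTML page, so both interpolated values are escaped to avoid a
        // reflected XSS through this diagnostic.
        echo 'ERREUR DEVELOPPEMENT variable ('
            . htmlspecialchars((string) $var, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            . ') & flag ('
            . htmlspecialchars((string) $flag, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            . ') <br/>';
        return NULL;
    }

    if ($pattern !== null) {
        $clean = preg_replace($pattern, $replacement, $var);
        if ($clean === null) {
            // PCRE failure: reject the value rather than pass it through unfiltered
            return NULL;
        }
        $var = $clean;
    }
    return $var;
}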