API tools faq
paste
Ribang

menutup bug sql (konslet)

Ribang
Jun 27th, 2017
151
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.43 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. function filter_html($data, $tipe = 'input', $parameter = null) {
  3. if (!$data) return false;
  4. if (is_array($data)) {
  5. foreach ($data as $key => $value) {
  6. $output[$key] = filter_html($value, $tipe, $parameter);
  7. }
  8. return $output;
  9. }
  10. else {
  11. if (empty($data)) return '';
  12. if (strtolower($tipe) == 'input') {
  13. /*----- default filter untuk input -----*/
  14. //menhapus tanda slash ketika diinputkan dari form HTML
  15. if(isset($parameter['stripslashes_from_query']) && $parameter['stripslashes_from_query'] && get_magic_quotes_gpc()) {
  16. $data = stripslashes($data);
  17. //jika karakter quot distrip dan fitur anti sql injection tidak didefinisikan, maka aktifkan sebagai default
  18. if (!isset($parameter['anti_sql_injection'])) $parameter['anti_sql_injection'] = true;
  19. }
  20. // anti HTML injection
  21. if (isset($parameter['allowed_tag']) && !empty($parameter['allowed_tag']))
  22. $data = strip_tags($data, $parameter['allowed_tag']);
  23. else
  24. $data = strip_tags($data);
  25. /*----- filter input opsional -----*/
  26. //anti SQL injection
  27. if (isset($parameter['anti_sql_injection']) && $parameter['anti_sql_injection']) {
  28. $escape_character = array('\\', "'", '"', '\n', '\r');
  29. $replace_character = array('\\\\', "\'", '\"', '\\n', '\\r');
  30. $data = str_replace($escape_character, $replace_character, $data);
  31. }
  32. }
  33. else if (strtolower($tipe) == 'output') {
  34. //jika user memperbolehkan beberapa tags untuk ditampilkan sebagai HTML
  35. //maka hanya strip yang diperbolehkan
  36. if (isset($parameter['allowed_tag']) && !empty($parameter['allowed_tag']))
  37. $data = strip_tags($data, $parameter['allowed_tag']);
  38. //selain itu, maka semua tag dianggap sebagai string biasa (escape HTML tags)
  39. else {
  40. if (!isset($parameter['stripslashes_from_query'])) $parameter['stripslashes_from_query'] = true;
  41. if ($parameter['stripslashes_from_query'])
  42. $data = stripslashes($data);
  43. $data = strip_tags($data);
  44. //$data = htmlspecialchars($data, ENT_QUOTES);
  45. }
  46. }
  47. return $data;
  48. }
  49. }
  50.  
  51. ?>
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!