how to clean POST and GET vars in PHP for XSS and SQL injection
Question

In my web app is a config file which includes i.e. database connection settings and is always loaded at the first line of a PHP script. I would like to include a function which cleans all POST and GET data for maybe existing XSS and SQL Injection risks. I am not sure if that function is really enough:

    function make_safe($variable) {
        $variable = strip_tags(mysql_real_escape_string(trim($variable)));
        return $variable;
    }

    foreach ($_POST as $key => $value) {
        $_POST[$key] = make_safe($value);
    }

/
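For comparison with the global `make_safe()` loop in the question, here is an added example (not part of the original post) that treats each sink in its own context: bound parameters for SQL and encoding at output time for HTML. The names `post_string`, `save_comment` and `html`, the `comments` table and the sample input are hypothetical, and it assumes the `pdo_sqlite` extension in place of the `mysql_*` functions, which were removed in PHP 7.0.

```php
<?php
// Added example; function names, table and sample values are constructed.

// Constructed input standing in for $_POST.
$post = [
    'name'    => "  O'Brien ",
    'comment' => '<b>bold</b> & <script>alert(1)</script>',
    'tags'    => ['a', 'b'],   // a client can send arrays (tags[]=a&tags[]=b)
];

// Read one field as a trimmed string; arrays and missing keys become null.
function post_string(array $src, string $key): ?string
{
    return isset($src[$key]) && is_string($src[$key]) ? trim($src[$key]) : null;
}

// SQL context: bound parameters keep the values out of the query text.
function save_comment(PDO $pdo, string $name, string $comment): void
{
    $stmt = $pdo->prepare('INSERT INTO comments (name, comment) VALUES (:name, :comment)');
    $stmt->execute([':name' => $name, ':comment' => $comment]);
}

// HTML context: encode when the value is written into markup, not on input.
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (name TEXT, comment TEXT)');

$name    = post_string($post, 'name');
$comment = post_string($post, 'comment');
if ($name === null || $comment === null) {
    http_response_code(400);
    exit("missing or malformed field\n");
}
save_comment($pdo, $name, $comment);

// The database holds exactly what was submitted (minus outer whitespace).
$row = $pdo->query('SELECT name, comment FROM comments')->fetch(PDO::FETCH_ASSOC);

// Encoded at render time, so the stored markup is displayed as text.
echo '<p>', html($row['name']), ': ', html($row['comment']), "</p>\n";

// An array-valued field is rejected instead of being passed to string functions.
var_dump(post_string($post, 'tags'));
```

Because nothing is escaped or stripped on the way in, the same stored value can later be written into a different context (JSON, a URL, a shell argument) with the encoder that context requires.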