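/**
 * Sanitises a request value in place: trims it, strips tags, HTML-encodes it and,
 * unless $low is set, also removes a blocklist of path/quote characters,
 * percent-encoded control bytes and raw control characters.
 *
 * Arrays are walked recursively and every element is cleaned by reference.
 *
 * Caveats for callers:
 *  - Array KEYS are never cleaned, only values. Keys of $_GET/$_POST are
 *    client-controlled, so they must not be echoed or used in paths/queries unescaped.
 *  - The $low flag is not forwarded to nested elements: array members always
 *    receive the full (strict) cleaning, whatever $low was on the outer call.
 *  - The encoding applied here targets HTML text/attribute context only. It does
 *    not replace context-specific escaping at output time or parameterised SQL.
 *
 * @param mixed $string Scalar or (nested) array to sanitise; modified by reference.
 * @param bool  $low    When true, stop after trim/strip_tags/htmlspecialchars.
 * @return bool Always true.
 */
function cleanXss(&$string, $low = False)
{
    if (is_array($string)) {
        foreach (array_keys($string) as $key) {
            // Nested values always get the strict pass ($low is deliberately not passed on).
            cleanXss($string[$key]);
        }
        return true;
    }

    // Cast first so null/int/bool inputs behave as their string form
    // without relying on implicit coercion inside trim().
    $string = trim((string) $string);
    $string = strip_tags($string);
    // Flags and charset are explicit so the result does not depend on the PHP
    // version: before 8.1 the default left single quotes unescaped.
    $string = htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    if ($low) {
        return true;
    }

    // "/" is removed before ".." is looked at, so separate entries for
    // "../", "./" and "//" could never match and are not listed.
    $tokens = array('"', "\\", "'", "/", "..");
    $patterns = array(
        // Percent-encoded control bytes; hex digits are matched in either case.
        '/%0[0-8bcef]/i',
        '/%1[0-9a-f]/i',
        // Raw control characters (TAB, LF and CR are kept).
        '/[\\x00-\\x08\\x0B\\x0C\\x0E-\\x1F\\x7F]+/S',
    );

    // A single pass is not enough: deleting one sequence can join its
    // neighbours into another blocked sequence. Repeat until nothing changes.
    // Every pass only deletes bytes, so the loop always terminates.
    do {
        $before = $string;
        $string = str_replace($tokens, '', $string);
        $string = preg_replace($patterns, '', $string);
        if ($string === null) {
            // PCRE failure: fail closed instead of passing a partly cleaned value on.
            $string = '';
        }
    } while ($string !== $before);

    return true;
}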
/**
 * Calls the object's sessionHandle() and then sanitises the request
 * superglobals in place with cleanXss().
 *
 * Only $_POST and $_GET are cleaned here. $_COOKIE, $_SERVER and $_FILES are
 * left as received, and $_REQUEST is a separate copy that PHP fills before
 * this runs, so it still holds the raw values afterwards.
 * Array keys are not touched by cleanXss(), only values.
 */
function __construct()
{
    $this->sessionHandle();

    // Same order as before: POST first, then GET. The array holds references,
    // so cleanXss() rewrites the superglobals themselves, not copies.
    $sources = array(&$_POST, &$_GET);
    foreach ($sources as &$source) {
        cleanXss($source);
    }
    unset($source);
}