
Sunday, May 18, 2014

Check XSS script when form submit - PHP

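If you want to strip XSS script from submitted form data, then use the code below. It filters request input on the way in; it does not replace escaping each value for its output context (for example with htmlspecialchars()) when the value is written into a page.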

// Run once, early in the request, before any other code reads the superglobals.
// Order matters: slashes added by magic quotes are removed first so the
// pattern filter below sees the values as the client sent them.
checkMagicQuotes();
// Strips the deny-listed patterns from $_POST, $_GET, $_COOKIE and $_REQUEST in place.
checkXssScript();

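/**
 * Undo magic-quotes escaping on the request superglobals.
 *
 * When magic_quotes_gpc is active, rewrites $_POST, $_GET, $_COOKIE and
 * $_REQUEST in place with the added backslashes removed. Otherwise does nothing.
 * Declares the global helper stripslashes_deep() the first time it has work to do.
 *
 * @return void
 */
function checkMagicQuotes()
{
    // Magic quotes were removed in PHP 5.4, and get_magic_quotes_gpc() is
    // deprecated from 7.4 and gone in 8.0. Checking the version first avoids
    // calling it (and the deprecation notice) on runtimes where it can only
    // ever report "off".
    $magicQuotesPossible = version_compare(PHP_VERSION, '5.4.0', '<')
        && function_exists('get_magic_quotes_gpc');

    if (!$magicQuotesPossible || !get_magic_quotes_gpc()) {
        return;
    }

    // Guarded so that a second call does not stop with
    // "Cannot redeclare stripslashes_deep()".
    if (!function_exists('stripslashes_deep')) {
        /**
         * Recursively remove backslash escaping from a value or nested array.
         *
         * @param mixed $value String, or array of strings/arrays.
         * @return mixed Same shape as the input, unescaped.
         */
        function stripslashes_deep($value)
        {
            if (is_array($value)) {
                return array_map('stripslashes_deep', $value);
            }

            return stripslashes($value);
        }
    }

    $_POST    = array_map('stripslashes_deep', $_POST);
    $_GET     = array_map('stripslashes_deep', $_GET);
    $_COOKIE  = array_map('stripslashes_deep', $_COOKIE);
    $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
}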

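/**
 * Strip a fixed set of script and template-tag patterns from the request superglobals.
 *
 * Rewrites $_POST, $_GET, $_COOKIE and $_REQUEST in place. Declares the global
 * helper stripXss() on first call.
 *
 * This is a deny-list input filter: markup that matches none of the patterns
 * below passes through unchanged. Treat it as defence in depth only, and still
 * escape every value for its output context when rendering, e.g.
 * htmlspecialchars($value, ENT_QUOTES, 'UTF-8') for HTML.
 *
 * @return void
 */
function checkXssScript()
{
    // Guarded so that a second call does not stop with
    // "Cannot redeclare stripXss()".
    if (!function_exists('stripXss')) {
        /**
         * Remove the deny-listed patterns from a string, or from every string
         * in a nested array.
         *
         * @param mixed $value String, or array of strings/arrays.
         * @return mixed Same shape as the input; strings come back filtered.
         */
        function stripXss($value)
        {
            if (is_array($value)) {
                return array_map('stripXss', $value);
            }

            $patterns = array(
                '@<script[^>]*?>.*?</script>@si',
                // Decimal numeric character references only. The original used
                // the /e (eval) modifier here; PHP 7 removed it, which makes
                // preg_replace() fail and return NULL, blanking every input.
                // The replacement is a constant, so no modifier is needed.
                '@&#(\d+);@',
                '@\[\[(.*?)\]\]@si',
                '@\[!(.*?)!\]@si',
                '@\[\~(.*?)\~\]@si',
                '@\[\((.*?)\)\]@si',
                '@{{(.*?)}}@si',
                '@\[\*(.*?)\*\]@si',
            );

            $filtered = (string) $value;

            // Removing one match can leave a new match behind, so repeat
            // until a pass changes nothing.
            do {
                $before   = $filtered;
                $filtered = preg_replace($patterns, '', $before);

                if ($filtered === null) {
                    // PCRE error: fail closed rather than pass the raw value on.
                    return '';
                }
            } while ($filtered !== $before);

            return $filtered;
        }
    }

    $_POST    = array_map('stripXss', $_POST);
    $_GET     = array_map('stripXss', $_GET);
    $_COOKIE  = array_map('stripXss', $_COOKIE);
    $_REQUEST = array_map('stripXss', $_REQUEST);
}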
