Create an Account

It's free and you have access to premium codes!

Password must be a minimum length of 8, with at least one uppercase, one lowercase, one number, and one special character.

Login

Welcome back! Please login to your account.

Recover Account

Don't worry, we'll send you a message to help you to recover your acount.

Message Received!

We will get back to you as soon as possible.

Account Created!

Please check your email for instructions to activate your account.

All
Hello
Popular Sites
JavaScript Best Codes
Html Free Codes
Html5 Free Codes
Html Best Codes
Developer Codes
Free Frontend
Social Media
Twitter
Instagram
Support
Contact Us
About Php Best Codes
Not a member? Sign Up

Text - Query Filtering

Written by @m_k_amin 20 November 2012

Are you heard about SQL injections? It is an attack using some SQL commands in the input boxes of your site (search box for example); Then the attacker gets data or deletes records of your database. He can also create a super moderator user for himself and do everything he wants. To prevent from these attacks you must filter the texts inputted to your site. This script offer a general function which do several filtering options. Just choose the forms of filtering you want and get the result. You can also use this function to encode or decode strings or to omit your desired words from them. "Special Characters" remove all non-numeric and non-alphabetic characters from the text. "MySQL Real Escape" add slashes before quotes. It needs to connect to the database first. "SQL Words" Removes some important words such as "UPDATE" and "INSERT" from the text. "HTMl Characters" Removes non HTML characters. "URL Encode" Encodes URLs. "URL Decode" Decodes URLs. "Base64 Encode" Encodes texts in base 64 format. "Base64 Decode" Decodes texts in base 64 format. "Custom Words" Removes any words inserted in the text box separated by comma.

Code Snippet:

                                                
                                                <!-- this script is provided by https://www.phpfreecode.com coded by: Kerixa Inc. -->
<!-- This Script is from www.phpfreecpde.com, Coded by: Kerixa Inc-->
<?php
$txt='';
if (isset($_POST['Submit'])){
	$txt=$_POST['txt'];
	if (isset($_POST['SpecialChars'])) $txt=FilterQuery($txt,'SpecialChars');
	if (isset($_POST['realescape'])) $txt=FilterQuery($txt,'realescape','localhost','root','');
	if (isset($_POST['sqlwords'])) $txt=FilterQuery($txt,'sqlwords');
	if (isset($_POST['htmlchars'])) $txt=FilterQuery($txt,'htmlchars');
	if (isset($_POST['urle'])) $txt=FilterQuery($txt,'urle');
	if (isset($_POST['b64e'])) $txt=FilterQuery($txt,'b64e');
	if (isset($_POST['urld'])) $txt=FilterQuery($txt,'urld');
	if (isset($_POST['b64d'])) $txt=FilterQuery($txt,'b64d');
	if (isset($_POST['custom'])&&$_POST['custom']!="") $txt=FilterQuery($txt,$_POST['custom']);
}

function FilterQuery($query,$unwanted,$host='',$username='',$password=''){
	if ($unwanted=='SpecialChars')
		$query = preg_replace("/[^A-Za-z0-9]/", "", $query);
	elseif ($unwanted=='realescape'){
		$link=mysql_connect($host, $username, $password);
		$query= mysql_real_escape_string($query);}
	elseif ($unwanted=='sqlwords')
		$query= preg_replace("/(WHERE|SELECT|UPDATE|SELECT|INSERT|SET|DROP|FROM|INTO|AND|OR|LIMIT|OFFSET)/i", "", $query);
	elseif ($unwanted=='htmlchars')
		$query=htmlspecialchars($query);
	elseif ($unwanted=='urle')
		$query=urlencode($query); 	
	elseif ($unwanted=='b64e')
		$query=base64_encode($query);
	elseif ($unwanted=='urld')
		$query=urldecode($query); 	
	elseif ($unwanted=='b64d')
		$query=base64_decode($query);
	else{
		$unwanted=explode(',',$unwanted);
		$str='';
		foreach($unwanted as $key)
			$str.=$key.'|';
		$str=substr($str,0,strlen($str)-1);
		$query= preg_replace("/($str)/i", "", $query);}
	return $query;
}
?>

			<form method="post">

<table style="border: 1px solid #000000;width: 456px" align="center">
	<tr>
		<td style="font-family: 'Times New Roman', Times, serif;font-size: 17pt;text-align: center;width: 294px; color: #2214B9;border-style: solid;border-width: 1px;"><strong>
		Text</strong></td>
		<td style="font-family: 'Times New Roman', Times, serif;font-size: 17pt;text-align: center;color: #2214B9;border-style: solid;border-width: 1px; width: 420px;">
				<textarea name="txt" style="width: 235px; height: 71px; font-size: 12pt; font-family: 'times New Roman', Times, serif"><?php echo $txt?></textarea>
		</td>
	</tr>
	<tr>
		<td style="font-family: 'Times New Roman', Times, serif;font-size: 17pt;text-align: center;width: 294px; color: #2214B9;border-style: solid;border-width: 1px;"><strong>
		Filter</strong></td>
		<td style="font-family: 'Times New Roman', Times, serif;font-size: 17pt;color: #2214B9;border-style: solid;border-width: 1px; width: 420px;">
			<input name="SpecialChars" style="width: 20px; font-family: 'Times New Roman', Times, serif; font-size: 14pt;" type="checkbox" value="SpecialChars"><span style="font-size: 14pt">Special 
			Characters<br>
			</span><span style="font-size: 15pt">
			<input name="realescape" style="width: 20px;font-family: 'Times New Roman', Times, serif; font-size: 14pt;" type="checkbox" value="realescape"></span><span style="font-size: 14pt">MySQL 
			Real Escape<br>
			</span><span style="font-size: 15pt">
			<input name="sqlwords" type="checkbox" value="sqlwords" style="width: 20px; font-family: 'Times New Roman', Times, serif; font-size: 14pt;"><span style="font-size: 14pt">SQL Words<br>
			</span>
			<input name="htmlchars" style="width: 20px; font-family: 'Times New Roman', Times, serif; font-size: 14pt;" type="checkbox" value="htmlchars"><span style="font-size: 14pt">HTML 
			Characters<br>
			</span>
			<input name="urle" type="checkbox" value="urle" style="width: 20px;font-family: 'Times New Roman', Times, serif; font-size: 14pt"><span style="font-size: 14pt">URL Encode<br>
			</span>
			<input name="urld" type="checkbox" value="urld" style="width: 20px;font-family: 'Times New Roman', Times, serif; font-size: 14pt"><span style="font-size: 14pt">URL Decode<br>
			</span>
			<input name="b64e" type="checkbox" value="b64e" style="width: 20px;font-family: 'Times New Roman', Times, serif; font-size: 14pt"><span style="font-size: 14pt">Base 64 Encode<br>
			</span>
			<input name="b64d" style="width: 20px; font-family: 'Times New Roman', Times, serif; font-size: 14pt;" type="checkbox" value="b64d"><span style="font-size: 14pt">Base 
			64 Decode</span></span></td>
	</tr>
	<tr>
		<td style="font-family: 'Times New Roman', Times, serif;font-size: 17pt;text-align: center;width: 294px; color: #2214B9;border-style: solid;border-width: 1px;">
		<strong>Custom Words <span style="font-size: 15pt">(Separated by comma)</span></strong></td>
		<td style="font-family: 'Times New Roman', Times, serif;font-size: 17pt;text-align: center; color: #2214B9;border-style: solid;border-width: 1px; width: 420px;">
			<input name="custom" style="width: 235px; font-size: 12pt; font-family: 'times New Roman', Times, serif" type="text"></td>
	</tr>
</table>
				<div style="text-align: center">
					<br>
					<input name="Submit" style="width: 85px; height: 34px; font-size: 15pt; font-family: 'times New Roman', Times, serif" type="submit" value="Submit"></div>
</form>
<div style="text-align: center">
	<font face="Tahoma"><a target="_blank" href="http://www.phpfreecode.com/">
	<span style="font-size: 8pt; text-decoration: none">PHP Free Code</span></a></font></div>
</div>
<a target='_blank' href='https://www.phpfreecode.com' style='font-size: 8pt; text-decoration: none'>Php Best Codes</a>

Example:

About @m_k_amin

This user is pending a biography.

M

Comments

Here you can leave us commments. Let us know what you think about this code tutorial!

0 / 300
TRENDING POST
1
Email Hide Preview Function
2
Bad Words Filter Class
3
Email Validation Function
4
Browser Information Detection
5
Valid Send Mail Function with PHP
VISITORS
Online Users: 12
Recent Members: grkkid, Manaakividuinfo.com, karticksv, sava, tinatina
advertisement 2