<?php
// SANITIZE DATA
// 2005-10-25
class SanitizeData
{
function SanitizeData()
{
$register_globals = (bool) ini_get('register_gobals');
if ($register_globals == true)
{
define('SANITIZE_REGISTER_GLOBALS', 1);
}
else
{
define('SANITIZE_REGISTER_GLOBALS', 0);
}
$magic_quotes = (bool) ini_get('magic_quotes_gpc');
if ($magic_quotes == true)
{
define('SANITIZE_MAGIC_QUOTES', 1);
}
else
{
define('SANITIZE_MAGIC_QUOTES', 0);
}
$this->data = array();
}
function my_utf8_decode($string)
{
return strtr($string,
'???????��������������������������������������������������������������',
'SOZsozYYuAAAAAAACEEEEIIIIDNOOOOOOUUUUYsaaaaaaaceeeeiiiionoooooouuuuyy');
}
function sanitize_email($email)
{
$email = $this->sanitize_system_string(strtolower(trim($email)));
$pattern = '/^[^@\s<&>]+@([-a-z0-9]+\.)+[a-z]{2,}$/i';
if (preg_match($pattern, $email))
{
return $email;
}
return false;
}
function sanitize_date($date, $sep = '-')
{
// range year: 1900 - 2099
$pattern =
"/^(19[\d]{2}|20[\d]{2})".
'('. $sep .')'.
"(0[1-9]{1}|[1-9]{1}|1[0-2]{1})".
'('. $sep .')'.
"(0[1-9]|[1-9]{1}|[1-2]{1}[0-9]{1}|3[0-1]{1})$/";
if (preg_match($pattern, $date, $matchs))
{
$year = (strlen($matchs['1']) < 4) ? '20' . $matchs['1'] : $matchs['1'];
$month = (strlen($matchs['3']) < 2) ? '0' . $matchs['3'] : $matchs['3'];
$day = (strlen($matchs['5']) < 2) ? '0' . $matchs['5'] : $matchs['5'];
return $year .'-'. $month .'-'. $day;
}
return false;
}
function sanitize_url($url = '')
{
$pattern = '/(;|\||`|>|<|^|"|' . "\n|\r|". '|{|}|[|]|\)|\()/i';
$url = preg_replace($pattern, '', $url);
if ( is_int(strpos($url, '../')) || is_int(strpos($url, './')) )
{
$url = str_replace('./', '', str_replace('../', '', $url));
}
if (substr($url, 0, 1) == '/')
{
$url = substr($url, 1);
}
return $url;
}
function sanitize_alfanum_string($string, $min = '', $max = '')
{
$string = preg_replace('/[^a-zA-Z0-9]/', '', trim($string));
$len = strlen($string);
if ((($min != '') && ($len < $min)) || (($max != '') && ($len > $max)))
{
return false;
}
return $string;
}
function sanitize_alfa_string($string, $min = '', $max = '')
{
$string = preg_replace('/[^a-zA-Z]/', '', trim($string));
$len = strlen($string);
if ((($min != '') && ($len < $min)) || (($max != '') && ($len > $max)))
{
return false;
}
return $string;
}
function sanitize_system_string($string, $min = '', $max = '')
{
$pattern = '/(;|\||`|>|<|&|^|"|' . "\n|\r|'" . '|{|}|[|]|\)|\()/i';
$string = preg_replace($pattern, '', $string);
//$string = '"'. preg_replace('/\$/', '\\\$', $string) .'"';
$len = strlen($string);
if ((($min != '') && ($len < $min)) || (($max != '') && ($len > $max)))
{
return false;
}
return $str;
}
function sanitize_sql_string($string, $min = '', $max = '')
{
$string = $this->_addslashes($string);
$len = strlen($str);
if ((($min != '') && ($len < $min)) || (($max != '') && ($len > $max)))
{
return false;
}
$pattern = '/;/';
return preg_replace($pattern, '', $string);
}
function sanitize_html_string($string)
{
$pattern = array(
'/\&/', '/</', '/>/','/\n/', '/"/', "/'/", "/%/", '/\(/', '/\)/', '/\+/', '/-/'
);
$replacement = array(
'&', '<', '>', "\n", '"', ''', '%', '(', ')', '+', '-'
);
return preg_replace($pattern, $replacement, $string);
}
function sanitize_int($integer, $min = '', $max = '')
{
$int = intval($integer);
if ((($min != '') && ($int < $min)) || (($max != '') && ($int > $max)))
{
return false;
}
return $int;
}
function sanitize_float($float, $min = '', $max = '')
{
$float = floatval($float);
if ((($min != '') && ($float < $min)) || (($max != '') && ($float > $max)))
{
return false;
}
return $float;
}
function _addslashes($string)
{
if (SANITIZE_MAGIC_QUOTES)
{
return $string;
}
else
{
return addslashes($string);
}
}
}
// EXEMPLO
$filtro = new SanitizeData();
$dado_limpo = array(
'nome' => $filtro->sanitize_alfa_string($_POST['nome'], 4, 30),
'idade' => $filtro->sanitize_int($_POST['nome'], 1, 100),
'email' => $filtro->sanitize_email($_POST['email']),
'comentarios' => $filtro->sanitize_html_string($_POST['comentarios'])
);
?>