" , ">" , $what ); $what = str_replace( "<" , "<" , $what ); $what = ereg_replace( "\"" , """ , $what ); $what = str_replace( "!" , "!" , $what ); $what = str_replace( "'" , "'" , $what ); $what = str_replace( "(^)-(^)" , "&#" , $what ); $what = str_replace("`" ,"" , $what ); $what = ereg_replace("\n" , "
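" , $what ); $what = ereg_replace("\r" , "" , $what ); return $what; }

//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

/**
 * Strips every character that is not an ASCII letter or digit.
 *
 * This is an allow-list filter for identifiers and similar tokens. It is
 * not a substitute for parameterized queries when the value ends up in SQL.
 *
 * @param string $string the text to filter.
 *
 * @return string the input with every character outside a-z, A-Z and 0-9
 *                removed; an empty string when the input is not a scalar.
 */
function alphanumeric($string){
    // An array or object (for example a request parameter sent as name[]=x)
    // cannot be reduced to one alphanumeric string, so it yields "" instead
    // of being passed through element by element.
    if (!is_scalar($string)) {
        return "";
    }

    // ereg_replace() was removed in PHP 7; preg_replace() with the same
    // character class removes the same characters.
    $filtered = preg_replace('/[^a-zA-Z0-9]+/', '', (string) $string);

    // preg_replace() returns null on a PCRE error; fail closed with "".
    return $filtered === null ? "" : $filtered;
}

//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

/**
 * Quotes a string so that a shell treats it as exactly one argument.
 *
 * Delegates to escapeshellarg(), so piping, $ expansion, command
 * separators, nested execution, redirection, background processing,
 * quotes and newlines in the value are not interpreted by the shell.
 *
 * Quoting does not stop the invoked program from reading a value that
 * starts with "-" as one of its own options; callers should validate the
 * value, or place it after "--" where the program supports that.
 *
 * @param string $string the text to make safe as a shell argument.
 *
 * @return string the quoted argument.
 */
function filter_what($string){
    // The call here used to be escapeshellwhat(), which PHP does not provide
    // and which would end the request with an undefined-function error.
    // escapeshellarg() matches the "only ONE argument" intent noted below.
    // NOTE(review): confirm the project does not define escapeshellwhat()
    // elsewhere.
    return escapeshellarg($string);

    // Earlier deny-list approach, kept for reference (unreachable):
    //$pattern = '/(;|\||`|>|<|&|^|"|'."\n|\r|'".'|{|}|[|]|\)|\()/i';
    //$string = preg_replace($pattern, '', $string);
    //$string = '"'.preg_replace('/\$/', '\\\$', $string).'"'; //make sure this is only interpreted as ONE argument
    //return $string;
}
?>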