Tags: php, mysql, validation, html-entities, addslashes

How to validate a string in PHP + MySQL?


I'm using PDO with prepare statement.

I'm using JavaScript to encrypt text from an HTML textarea, decrypt it in PHP, add some text, and re-encrypt the data before writing it to the DB.

I'm using PHP to decrypt data from the DB and put it in HTML5 pages.

Often the content is the result of HTML-encoded text.

addslashes, htmlentities and preg_replace... Can I validate/filter data in the best way for me?

What's the difference between validating and filtering data?

I have no experience in security. Please help me find the best way for my application.

Thanks in advance.


Solution

  • I think this is a good solution for me. What do you think about it?

     function clearPassword($value){
         $value = trim($value); // remove surrounding whitespace
         $value = strip_tags($value); // remove HTML tags (the argument was missing in the original)
         $value = htmlentities($value, ENT_QUOTES, 'UTF-8'); // encode quotes and other special characters as HTML entities
         return $value;
     }

     function clearText($value){
         $value = trim($value); // remove surrounding whitespace
         $value = strip_tags($value); // remove HTML tags
         // FILTER_SANITIZE_MAGIC_QUOTES was removed in PHP 8.0; FILTER_SANITIZE_ADD_SLASHES (PHP >= 7.3) does the same as addslashes()
         $value = filter_var($value, FILTER_SANITIZE_ADD_SLASHES);
         // FILTER_SANITIZE_STRING is deprecated since PHP 8.1 but still runs
         $value = filter_var($value, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW); // strip bytes below 32 (\t, \n, etc.)
         $value = filter_var($value, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH); // strip bytes above 127 (é, à, ò, ì, etc.)
         $value = htmlentities($value, ENT_QUOTES, 'UTF-8'); // encode quotes and other special characters as HTML entities
         return $value;
     }

     function clearEmail($value){
         $value = trim($value); // remove surrounding whitespace
         $value = strip_tags($value); // remove HTML tags
         $value = filter_var($value, FILTER_SANITIZE_EMAIL); // drop characters not allowed in an e-mail address
         $valid = filter_var($value, FILTER_VALIDATE_EMAIL); // false when the address is not syntactically valid
         if ($valid !== false) {
             $value = htmlentities($valid, ENT_QUOTES, 'UTF-8'); // encode quotes and other special characters as HTML entities
         } else {
             $value = "BAD";
         }
         return $value;
     }
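As an added example (not part of the original question or answer, and not the poster's code), the following PHP shows the distinction the question asks about: validation rejects input that breaks a rule and leaves it unchanged, sanitization transforms it, SQL safety comes from PDO placeholders rather than addslashes, and HTML encoding is applied at output time rather than before storage. The function names, the SQLite in-memory table and the sample input are assumptions made for this demo.

```php
<?php
declare(strict_types=1);

// Added example, not the poster's code. Validation: the value comes back
// unchanged or null; nothing is altered.
function validateEmail(string $value): ?string
{
    $value = trim($value);
    return filter_var($value, FILTER_VALIDATE_EMAIL) === false ? null : $value;
}

// Validation for free text: well-formed UTF-8, a length bound, and no control
// characters other than tab/CR/LF. Quotes, '<' and '&' are data and stay as they are.
function validateText(string $value, int $maxLen = 4000): ?string
{
    if (!mb_check_encoding($value, 'UTF-8')) {
        return null;                                   // reject malformed UTF-8
    }
    if (mb_strlen($value, 'UTF-8') > $maxLen) {
        return null;                                   // reject oversized input
    }
    if (preg_match('/[^\P{Cc}\t\n\r]/u', $value)) {    // any control char except tab/CR/LF
        return null;
    }
    return $value;
}

// Sanitization: transforms the value into something acceptable (strip tags,
// collapse whitespace, truncate). Only appropriate where silently changing
// the input is acceptable, e.g. a display name.
function sanitizeDisplayName(string $value): string
{
    $value = strip_tags($value);
    $value = preg_replace('/\s+/u', ' ', trim($value)) ?? '';
    return mb_substr($value, 0, 80, 'UTF-8');
}

// Storage: the raw validated value is bound as a parameter. No addslashes and
// no htmlentities before the INSERT; the driver keeps data and SQL separate.
function storeComment(PDO $pdo, string $email, string $text): void
{
    $stmt = $pdo->prepare('INSERT INTO comments (email, body) VALUES (:email, :body)');
    $stmt->execute([':email' => $email, ':body' => $text]);
}

// Output: encode for the HTML context at render time. ENT_QUOTES covers both
// quote styles so the value is also safe inside attribute values.
function renderHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Demo on constructed input, using an in-memory SQLite table (assumption:
// the pdo_sqlite extension is available).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, email TEXT, body TEXT)');

$email = validateEmail(" user@example.com ");
$text  = validateText("O'Brien said <b>hi</b> & left\n");   // constructed sample
$name  = sanitizeDisplayName("  <i>Pat</i>   O'Brien ");    // constructed sample

if ($email === null || $text === null) {
    http_response_code(400);
    exit('invalid input');
}
storeComment($pdo, $email, $text);

$row = $pdo->query('SELECT body FROM comments')->fetch(PDO::FETCH_ASSOC);
echo renderHtml($name), ': ', renderHtml($row['body']), PHP_EOL;
```

The body is stored exactly as the user typed it (apostrophe and tags included) because the placeholder binding, not character rewriting, is what keeps it out of the SQL grammar; the same stored value can later be encoded differently for JSON, a URL, or plain text, which is not possible once htmlentities has been baked into the database.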