So, seriously, this is not going to stop all the attacks out there; it is simply a base function to build upon. This is a PHP function I got off the PHP forums years ago, and I can't find it anymore, so I'm posting it here... And now people can see how I safeguard my sites, but obscurity should never be a recommended security measure.
This function will check a posted string for suspicious activity and email the specified system administrator. You should modify it to suit your site's needs (e.g. if you need to accept URL-encoded values). It needs some work, I know, but it's a start. I'd advise using PHP sessions as well, though (see after).
For those of you who use preg_replace: it is a function that uses regular expressions to search and replace within a string.
Because my understanding of regular expressions is shady and varies from language to language, I've written this article as a quick reference point.
Just a quick note on how to format a given file size and reduce the display output to a small string, e.g.:
- 196 bytes : displays as => "196 bytes"
- 12945 bytes : displays as => "12 Kb"
- 1478515 bytes : displays as => "1 Mb"
- 8798745455 bytes : displays as => "8 Gb"
This is intended for activity/session durations, and although I usually get MySQL to do the date/time calculations, there are times when we have to do it with PHP. This is the shortest way I know to properly convert seconds into total hours, minutes and seconds (taking into account regional settings and without using a date function).

```php
// Build "H:MM:SS"; hours are not capped at 24, minutes and seconds are zero-padded.
$total_time = intval(intval($total_seconds) / 3600) . ":"
    . str_pad(intval(($total_seconds / 60) % 60), 2, "0", STR_PAD_LEFT) . ":"
    . str_pad(intval($total_seconds % 60), 2, "0", STR_PAD_LEFT);
// yields
// 82800 = 23:00:00
// 108000 = 30:00:00
```

This article is a quick note (so I never spend as long again) on how to determine, while iterating through a loop in PHP, which entry was first and which was last. This is incredibly useful for pagination.