I need to make a library for data processing, so I can use it before calling functions such as: Register, Change, Delete and etc ...
I am using PDO for communication with the mysql database, and the method itself already has some security measures to avoid sql injection, but I would like an extra security.
I've been researching and found nothing better than the filter sanitize that the php language itself offers, but I believe it has better and more complete ways of using those features.
Here is the function I did:
function limpeza($dados) {
foreach ($dados as $key => $valor) {
if (is_numeric($valor)) {
$dados[$key] = filter_var($dados[$key], FILTER_SANITIZE_NUMBER_INT);
} else {
$dados[$key] = filter_var(utf8_decode($dados[$key]), FILTER_SANITIZE_STRING);
}
}
return $dados;
}
My idea is to take the POST array from the form and pass it directly to the function, and return it to a clean and free array of eg html, php, or other malicious scripts. As it is, the function actually clears all malicious tags and scripts and returns the clean array. But I feel that there are much better ways to do it, and I do not find much content on the internet about it.