\n";
foreach ($_GET as $k => $v)
{
// $v = htmlspecialchars($v, ENT_QUOTES);
// $v = mysql_escape_string($v);
$v = htmlentities($v, ENT_QUOTES);
if (preg_match('/([\'"`\'])/', $v, $match))
{
print "sorry get has illegal char '$match[1]'";
exit;
}
$_GET[$k] = $v;
if( $DEBUG)
echo "GET $k=\"$v\"
";
}
foreach ($_POST as $k => $v)
{
// $v = htmlspecialchars($v, ENT_QUOTES);
// $v = mysql_escape_string($v);
$v = htmlentities($v, ENT_QUOTES);
if (preg_match('/([\'"`\'])/', $v, $match)) {
print "sorry post has illegal char '$match[1]'";
exit;
}
$_POST[$k] = $v;
if( $DEBUG)
echo "POST $k=\"$v\"
";
}
if( $DEBUG)
echo "secure.php END
\n";
?>