Friday, December 31, 2010

Generic Input Sanitizer for PHP 5.2 and Greater

SkyHi @ Friday, December 31, 2010
With the ever increasing number of attacks on websites to plant malware links or deface pages, a programmer must be ready, and many of these attacks hit older systems that still have to be supported. I have developed a PHP 5.x approach to this: a block of code that can be added at the top of your script. Every incoming POST and GET field is run through the string filter by default; if a field needs a different filter, add its form field name or query string field name to the array and let the script do the rest. Keep in mind that sanitizing is not validating: a sanitize filter strips or encodes characters it does not like and hands back whatever remains, so a field that must be a number or an e-mail address should still be checked with the matching FILTER_VALIDATE_* filter before it is used. (On PHP 8.1 and later FILTER_SANITIZE_STRING is deprecated; FILTER_SANITIZE_SPECIAL_CHARS or htmlspecialchars() at output covers the same ground.)
Here is the code:


<?php
# Field name => filter name for POST or GET fields that need something other
# than the default. Any field not listed here gets the 'string' filter.
$filters = array(
  'my_text'       =>  'string',
  'my_email'      =>  'email',
  'my_url'        =>  'url',
  'my_chars'      =>  'special',
  'my_int'        =>  'int',
  'my_float'      =>  'float',
  'my_encoded'    =>  'encoded'
);

# Filter name => array(filter id, flags). PHP has no FILTER_SANITIZE_INT or
# FILTER_SANITIZE_FLOAT; the NUMBER_* filters are the real constants, and the
# float filter strips the decimal point unless FILTER_FLAG_ALLOW_FRACTION is set.
$filter_ids = array(
  'string'  => array(FILTER_SANITIZE_STRING, 0),
  'email'   => array(FILTER_SANITIZE_EMAIL, 0),
  'url'     => array(FILTER_SANITIZE_URL, 0),
  'special' => array(FILTER_SANITIZE_SPECIAL_CHARS, 0),
  'int'     => array(FILTER_SANITIZE_NUMBER_INT, 0),
  'float'   => array(FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION),
  'encoded' => array(FILTER_SANITIZE_ENCODED, 0)
);

# Sanitize every field of one input source ($_GET or $_POST) in place and
# mirror the result into $_REQUEST. $type must match $source (INPUT_GET for
# $_GET, INPUT_POST for $_POST): filter_input() reads the raw request data for
# that source, so it is not affected by the assignments made here.
function sanitize_input($type, array &$source, array $filters, array $filter_ids) {
  foreach ($source as $key => $value) {
    $name = isset($filters[$key]) ? $filters[$key] : 'string';
    if (!isset($filter_ids[$name])) {
      $name = 'string';
    }
    list($filter, $flags) = $filter_ids[$name];
    # Fields named field[] arrive as arrays; without FILTER_REQUIRE_ARRAY
    # filter_input() returns false for them instead of filtering each element.
    if (is_array($value)) {
      $flags |= FILTER_REQUIRE_ARRAY;
    }
    $clean = filter_input($type, $key, $filter, $flags);
    $source[$key] = $clean;
    $_REQUEST[$key] = $clean;
  }
}

# GET first, then POST, so a key present in both is left in $_REQUEST with the
# POST value, matching PHP's default request_order of "GP".
sanitize_input(INPUT_GET, $_GET, $filters, $filter_ids);
sanitize_input(INPUT_POST, $_POST, $filters, $filter_ids);
?>
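The block above applies sanitize filters only and rewrites the superglobals in place. The following example is added for this page and is not code from the original post: it carries the same field-to-filter map one step further with filter_var_array(), so that validation filters, range checks and array-valued fields such as tags[] sit in the same table, and so that a rejected value (false) can be told apart from an absent one (null). filter_input_array(INPUT_POST, $definition) accepts the identical definition and reads the real request; filter_var_array() is used here so the script runs offline against a constructed array. The field names and request values are assumptions made up for the example.

```php
<?php
// Added example, not from the original post: a filter_var_array() definition
// that mixes sanitize and validate filters, array fields and range options.

// Constructed stand-in for $_POST carrying hostile values. Field names are
// assumptions for this example.
$request = array(
    'my_text'  => 'Hello <script>alert(1)</script> world',
    'my_email' => 'user@example.com (not really)',
    'my_url'   => 'http://example.com/?q=<b>x</b>',
    'my_int'   => '12abc',
    'my_float' => '3.14xyz',
    'tags'     => array('php', '<img src=x onerror=alert(1)>'),
    'page'     => '-5',
);

// One entry per field the script expects. filter_var_array() returns only the
// keys named here, so unexpected fields are dropped rather than passed along.
$definition = array(
    'my_text'  => FILTER_SANITIZE_STRING,
    'my_email' => FILTER_VALIDATE_EMAIL,          // validate: bad input becomes false
    'my_url'   => FILTER_SANITIZE_URL,
    'my_int'   => FILTER_SANITIZE_NUMBER_INT,
    'my_float' => array(
        'filter' => FILTER_SANITIZE_NUMBER_FLOAT,
        'flags'  => FILTER_FLAG_ALLOW_FRACTION,   // keep the decimal point
    ),
    'tags'     => array(
        'filter' => FILTER_SANITIZE_SPECIAL_CHARS,
        'flags'  => FILTER_REQUIRE_ARRAY,         // field[] input, filtered per element
    ),
    'page'     => array(
        'filter'  => FILTER_VALIDATE_INT,
        'options' => array('min_range' => 1, 'max_range' => 1000),
    ),
    'comment'  => FILTER_SANITIZE_STRING,         // not sent by the client: comes back null
);

// Apply the definition and separate "rejected" (false) from "absent" (null).
// The caller works from $clean only; $request is never modified.
function sanitize_request(array $request, array $definition)
{
    $clean  = filter_var_array($request, $definition);
    $errors = array();
    foreach ($definition as $field => $spec) {
        if ($clean[$field] === false) {
            $errors[] = $field . ': rejected by validation filter';
        }
    }
    return array($clean, $errors);
}

list($clean, $errors) = sanitize_request($request, $definition);
var_dump($clean);
print_r($errors);

// Sanitizing is not output encoding. FILTER_SANITIZE_URL permits '<' and '>',
// so the cleaned URL must still be encoded for the context it is printed in.
echo htmlspecialchars($clean['my_url'], ENT_QUOTES, 'UTF-8'), "\n";
// The same applies to SQL: bind $clean['my_int'] as a prepared-statement
// parameter rather than interpolating it into the query string.
```

Two points are worth checking in the output. The URL field survives with its <b> tag intact, because FILTER_SANITIZE_URL only removes characters that cannot appear in a URL and angle brackets are on its allowed list; the 'url' filter in the block above therefore does nothing against markup injection, and htmlspecialchars() at the point of output is what prevents it. The e-mail and page fields come back as false rather than as a "cleaned" string, which is the behaviour a script should want for fields whose meaning depends on their format: a validation failure can be reported, while a sanitized remainder such as "12" from "12abc" is silently accepted. When running against a live request, remember that the filter_input*() functions read the raw request data and so ignore any values assigned to $_POST or $_GET at runtime, and that they see no request data at all under the CLI.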


REFERENCES
http://scovol.net/2010/02/12/generic-input-sanitizer/