preg_replace on xss code

Posted by proyb2 on Stack Overflow
Published on 2010-05-31T14:50:43Z Indexed on 2010/05/31 14:53 UTC

Can this code help to sanitize malicious code in a user-submitted form?

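function rex($string) {
    // Patterns to strip: every "=" and every "javascript:" (case-insensitive)
    $patterns = array();
    $patterns[0] = '/=/i';
    $patterns[1] = '/javascript:/i';
    // Each match is replaced with an empty string
    $replacements = array();
    $replacements[0] = '';
    $replacements[1] = '';
    return preg_replace($patterns, $replacements, $string);
}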

I have included htmlentities() to prevent XSS on the client side. Is all the code shown safe enough to prevent an attack?

© Stack Overflow or respective owner
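
Added example, not part of the original post: it runs the question's rex() filter next to output encoding with htmlentities() and a scheme allowlist for user-supplied links, so the two approaches can be compared on the same input. The helper names html_out() and safe_href(), the choice to reject relative links, and all sample inputs are assumptions made for illustration.

```php
<?php
// Added example; html_out() and safe_href() are hypothetical helper names.

// The filter from the question, reproduced unchanged in behaviour.
function rex(string $s): string {
    return preg_replace(['/=/i', '/javascript:/i'], ['', ''], $s);
}

// Encode untrusted text for HTML body text or a quoted attribute value.
// ENT_QUOTES encodes both ' and "; the charset is stated explicitly.
function html_out(string $s): string {
    return htmlentities($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept a user-supplied link only when its scheme is on an allowlist,
// then encode it for use inside href="...". Returns null when rejected.
// Assumption: relative links are not needed, so they are rejected too.
function safe_href(string $url): ?string {
    $url = trim($url);
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme)
        || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return null;
    }
    return html_out($url);
}

// Constructed sample inputs.
$comment = 'if x=1 then <b>y</b> = "2"';
$links   = [
    'https://example.com/?q=a&b=c',
    'javascript:void(0)',
    '/relative/path',
];

// rex() removes "=" from ordinary text and leaves the markup in place.
echo "rex:      ", rex($comment), "\n";

// html_out() keeps every character of the input and renders it inert.
echo "html_out: ", html_out($comment), "\n";

// The allowlist decides on the parsed scheme, not on substring removal.
foreach ($links as $link) {
    $href = safe_href($link);
    echo str_pad($link, 32), ' => ',
         $href === null ? 'rejected' : $href, "\n";
}
```

Encoding is applied at output time and chosen for the context the value lands in; html_out() covers HTML text and quoted attributes only, not script blocks or CSS.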