Add cleanInput function without mysqli_escape_string and converted add and edit payment method to Procedural mysqli Prepared Statments

2026-02-28 10:54:52 +00:00 · 2025-11-21 19:54:50 -05:00
parent 169619c9b9
commit 3d119261cc
2 changed files with 43 additions and 7 deletions
--- a/functions.php
+++ b/functions.php
@@ -802,6 +802,26 @@ function sanitizeInput($input) {
    return $input;
 }

+function cleanInput($input) {
+    // Only process non-empty input
+    if (!empty($input)) {
+        // Normalize encoding to UTF-8 if it’s not valid
+        if (!mb_check_encoding($input, 'UTF-8')) {
+            // Convert from Windows-1252 as a safe fallback
+            $input = mb_convert_encoding($input, 'UTF-8', 'Windows-1252');
+        }
+    }
+
+    // Remove HTML and PHP tags
+    $input = strip_tags((string) $input);
+
+    // Trim whitespace
+    $input = trim($input);
+
+    return $input;
+}
+
+
 function sanitizeForEmail($data)
 {
    $sanitized = htmlspecialchars($data);