Update sanitize_input function to handle encoding issues such as Vietnamese. Instead of blindly converting to UTF-8, check the input to see if it's already UTF-8

johnnyq 2025-07-25 12:35:13 -04:00
parent 6307099bc1
commit d115d57d1a
1 changed files with 7 additions and 11 deletions


@ -898,30 +898,26 @@ function checkFileUpload($file, $allowed_extensions)
return $secureFilename; return $secureFilename;
} }
function sanitizeInput($input) function sanitizeInput($input) {
{
global $mysqli; global $mysqli;
if (!empty($input)) { if (!empty($input)) {
// Detect encoding // Only convert encoding if it's NOT valid UTF-8
$encoding = mb_detect_encoding($input, ['UTF-8', 'ISO-8859-1', 'Windows-1252', 'ISO-8859-15'], true); if (!mb_check_encoding($input, 'UTF-8')) {
// Try converting from Windows-1252 as a safe default fallback
// If not UTF-8, convert to UTF8 (primarily Windows-1252 is problematic) $input = mb_convert_encoding($input, 'UTF-8', 'Windows-1252');
if ($encoding !== 'UTF-8') {
$input = mb_convert_encoding($input, 'UTF-8', $encoding);
} }
} }
// Remove HTML and PHP tags // Remove HTML and PHP tags
$input = strip_tags((string) $input); $input = strip_tags((string) $input);
// Remove white space from beginning and end of input // Trim white space
$input = trim($input); $input = trim($input);
// Escape special characters // Escape for SQL
$input = mysqli_real_escape_string($mysqli, $input); $input = mysqli_real_escape_string($mysqli, $input);
// Return sanitized input
return $input; return $input;
} }
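Review bot: The Windows-1252 fallback in sanitizeInput is applied to every input that fails `mb_check_encoding($input, 'UTF-8')`, so truncated or malformed UTF-8 and text in any other legacy code page are silently reinterpreted as Windows-1252 and stored as mojibake instead of being rejected or logged. That assumption deserves a comment at the fallback, e.g. `// Assumption: any non-UTF-8 input is Windows-1252; other encodings and malformed UTF-8 are converted, not rejected`. The `// Escape for SQL` comment should also say that the result is only safe inside a quoted string literal and that `mysqli_real_escape_string` escapes according to the connection character set; the connection setup is not visible in this hunk, so it is worth confirming that it calls `mysqli_set_charset` with the UTF-8 charset the conversion targets. `strip_tags` does not encode quotes, so values returned here still need `htmlspecialchars` at output.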