<?php

/* *
 * sanitizer.php Sanitizer (Explicit input checking: Better security, less code.)
 * Copyright (C) 2009, Ray Patrick Soucy
 *
 * Revision: 1
 * Modified: 2009-03-13
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

function sanitize($string, $allowed = '', $allow_aZ = true, $allow_09 = true) {

	/* *
	 * Utility function for sanitize, check if a char is in a string.
	 * Nested functions are unique to PHP, may look odd, but useful. 
	 */
	function charin($c, $s) {
		$result = false;
		for ($i = 0; $i < strlen($s); $i++) {
			if ($c == $s[$i]) {
				$result = true;
				break;
			} // if
		} // for
		return $result;
	} // charin

	/* Check flags for a-Z and 0-9, on by default. */
	if ($allow_aZ) $allowed .= 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
	if ($allow_09) $allowed .= '0123456789';

	$result = '';

	for ($i = 0; $i < strlen($string); $i++) {
		if (charin($string[$i], $allowed)) {
			$result .= $string[$i];
		} // if
	} // for

	return $result;

} // sanitize

?>