Fast way to strip_tags in whole document


Our website is currently under attack by some script kiddies who are adding HTML code to their mottos and other database tables (they have access to), and we would like to use strip_tags to filter the HTML out of it. We use a lot of queries on our website, so I was wondering if there was a way to apply these rules to a whole document.

Some of our queries look like this:

<?php echo $users->UserInfo($username, 'motto'); ?>

While others look like:

<div class="title">'.$campaign['caption'].'</div>

A plug-in for PHP would be good too; we use Windows Server 2008 R2 SP1 with IIS.

There is 1 best solution below

The easiest way would be to create a wrapper object around the actual db abstraction object(s).
For example, if there is an object of type "db" that provides you some convenience functions such as "select" and "update", you could write a class that extends "db" and overrides the "select" function. It might look something like this (it's an example, as you have not provided enough info on your specific implementation).

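class db2 extends db
{
    // Same signature as db::select(), so existing callers need no changes.
    public function select($tableName, $whereClause)
    {
        $result = parent::select($tableName, $whereClause);
        // strip_tags() takes a string, so this assumes select() returns one.
        return strip_tags($result);
    }
}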

Then you would replace your object that instantiated "db" and instead instantiate "db2".

$db = new db($connectionParams);

should be replaced with

$db = new db2($connectionParams);

Now all your existing queries should use the new function which removes the tags.
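
A self-contained version of the wrapper idea from the answer above, as an added example that is not the answerer's or the site's own code: the `db` stub, its sample rows and the `e()` helper are hypothetical. It goes beyond the answer by cleaning array results field by field, since `strip_tags()` only accepts a string, and by HTML-encoding at output, since `strip_tags()` leaves quotes and ampersands in place.

```php
<?php
// Stand-in for the site's real database class (hypothetical; the page does
// not show it). It returns constructed sample rows as arrays.
class db
{
    public function select($tableName, $whereClause)
    {
        return [
            ['id' => 1, 'username' => 'alice', 'motto' => 'Hello <h1>world</h1>'],
            ['id' => 2, 'username' => 'bob', 'motto' => 'say "hi" & <b>wave</b>'],
            ['id' => 3, 'username' => 'carol', 'motto' => null],
        ];
    }
}

class db2 extends db
{
    public function select($tableName, $whereClause)
    {
        return self::clean(parent::select($tableName, $whereClause));
    }

    // Recurse through rows and columns; only strings are passed to
    // strip_tags(), so integers, nulls and other values are left untouched.
    public static function clean($value)
    {
        if (is_array($value)) {
            return array_map([self::class, 'clean'], $value);
        }
        return is_string($value) ? strip_tags($value) : $value;
    }
}

// Output helper (hypothetical name). Tag stripping alone leaves characters
// such as " and & in the value, so encode at the point the value is echoed.
function e($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

$db = new db2();
foreach ($db->select('users', 'id > 0') as $row) {
    echo '<div class="title">' . e($row['motto']) . "</div>\n";
}
```

Values written to the page by code paths that do not go through `select()` are not covered by the wrapper, which is why the encoding step sits at the echo.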