|
|
Posted by Robert Cummings on 08/25/05 06:22
On Wed, 2005-08-24 at 23:12, Jasper Bryant-Greene wrote:
> Graham Anderson wrote:
> > Is there a way to loop thru all of these GET requests by:
> > putting the GET variables into an array
> > processing the variable strings with trim/striptags/etc in a loop
> > exploding the variables back out into separate variables
>
> I just do this:
>
> function process_user_input($value) {
> return mysql_real_escape_string(strip_tags(trim($value)));
> // Or whatever processing you need
> }
>
> $_SAFE_GET = array_map('process_user_input', $_GET);
> $_SAFE_POST = array_map('process_user_input', $_POST);
>
> That way you never need to take them out of an array in the first place.
> Then you can do things like:
>
> mysql_query("INSERT INTO table (col) VALUES ('{$_SAFE_POST['val']}')");
Still need to check isset() status unless you've disabled E_NOTICE which
I don't advise since it's sloppy ;)
Cheers,
Rob.
--
..------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
Navigation:
[Reply to this message]
|