Posted by Rik on 05/07/06 18:42

Jerry Stuckle wrote:
> I don't like it at all.
>
> First of all, what happens if you need to access the unchanged
> versions of the $_POST variables? Maybe not now - but you might in
> the future. Your code may *look* simpler - but you're just made it
> much harder to modify in the future.

I've never had the need to have BOTH the "cleaned" and the "dirty" variable.

So, with in combination the earlier posted code, you could simply make an
array of variabled to clean:

$vars_to_clean = arra('var1', 'var2', 'var3')
foreach($vars_to_clean as $var){
if(isset($_POST[$var])){$_POST[$var] =
mysql_real_escape_string(trim($_POST[$var]));}
}

Works OK for me, but then again, I haven't done that big a projects.

Alternatively, you could:
foreach($_POST as $key => $value){
$_POST['clean_'.$key] = mysql_real_escape_string(trim($value));
}

2 drawbacks:
- allthough it's possible, adding extra keys to the $_POST array isn't to my
taste...
- you'd have to guard yourself from a POST variables already beginning with
'clean_', which offcourse would become clean_clean_something... So no
checking on wether the key begins with 'clean_',

Grtz,
--
Rik Wasmus

[Back to original message]