Jasper Bryant-Greene wrote:
Robert Cummings wrote:
On Wed, 2005-08-24 at 23:12, Jasper Bryant-Greene wrote:
Graham Anderson wrote:
Is there a way to loop thru all of these GET requests by:
putting the GET variables into an array
processing the variable strings with trim/striptags/etc in a loop
exploding the variables back out into separate variables
I just do this:
function process_user_input($value) {
return mysql_real_escape_string(strip_tags(trim($value)));
// Or whatever processing you need
}
$_SAFE_GET = array_map('process_user_input', $_GET);
$_SAFE_POST = array_map('process_user_input', $_POST);
That way you never need to take them out of an array in the first
place. Then you can do things like:
mysql_query("INSERT INTO table (col) VALUES ('{$_SAFE_POST['val']}')");
Still need to check isset() status unless you've disabled E_NOTICE which
I don't advise since it's sloppy ;)
Yeah, I usually would in a real script. Just slipped my mind when
writing that example.
I would also in a real script, not use $_MyVar.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
