On Thu, Feb 21, 2008 at 8:59 PM, Casey <heavyccasey@xxxxxxxxx> wrote:
>
> On Thu, Feb 21, 2008 at 8:53 PM, nihilism machine
> <nihilismmachine@xxxxxxxxx> wrote:
> > What is a better idea? Using this class in my db class and using
> > CleanInput on the SQL statements, or using it at the top of all
> > pages with form input to clean the $_POST's? Also, any ideas or
> > comments on improving the class?
> >
> > <?php
> >
> > class FormCleaner {
> >
> >     // Initializer: clean every posted field in place
> >     function __construct() {
> >         if (count($_POST) > 0) {
> >             foreach ($_POST as $curPostKey => $curPostVal) {
> >                 $_POST[$curPostKey] = $this->CleanInput($curPostVal);
> >             }
> >         }
> >     }
> >
> >     // Clean Form Input
> >     public function CleanInput($UserInput) {
> >         // Tags that strip_tags() is allowed to keep (attributes on them are kept too)
> >         $allowedtags = "<b></b><i></i><h1></h1><a></a><img><ul></ul><li></li><blockquote></blockquote>";
> >         // Blacklisted attribute names and URL scheme, matched case-insensitively
> >         $notallowedattribs = array("@javascript:|onclick|ondblclick|onmousedown|onmouseup|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|onkeyup@si");
> >         $changexssto = '';
> >         // Remove every blacklisted token (single pass), then drop all other tags
> >         $UserInput = preg_replace($notallowedattribs, $changexssto, $UserInput);
> >         $UserInput = strip_tags($UserInput, $allowedtags);
> >         // Turn newlines into <br /> for display
> >         $UserInput = nl2br($UserInput);
> >         return $UserInput;
> >     }
> > }
> >
> > ?>
> >
>
> Does this line work?:
>
> foreach ($_POST as $curPostKey => $curPostVal) {
>     $_POST[$curPostKey] = $this->CleanInput($curPostVal);
> }
>
> If I recall correctly, you can't modify the array within a foreach
> block... or am I going crazy?
>
> --
> -Casey

Nevermind, wrong language! :P

--
-Casey

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
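Added example, not code from the thread or from either poster: it reproduces the posted CleanInput() as a stand-alone function, feeds it a few constructed inputs that its blacklist does not handle, and then shows the two controls that answer the original question directly. The filter is a single-pass token remover, so nesting a blacklisted word inside itself ("ononclickclick", "javajavascript:script:") leaves the word intact after one removal, and strip_tags() keeps every attribute on an allowed tag, so handlers not on the list (onerror, onload, ...) pass through on <img> or <a>. The filter also never touches quotes, so it does nothing for SQL either way. The in-memory SQLite table and the row data are constructed for the example and assume the pdo_sqlite extension is loaded; renderBio() is a hypothetical helper name.

```php
<?php
// Added example, not from the original thread. Probes the posted FormCleaner
// blacklist and contrasts it with parameterised SQL and output-time escaping.

// The posted CleanInput(), reproduced as a plain function for testing.
function cleanInputAsPosted(string $userInput): string
{
    $allowedtags = "<b></b><i></i><h1></h1><a></a><img><ul></ul><li></li><blockquote></blockquote>";
    $notallowedattribs = array("@javascript:|onclick|ondblclick|onmousedown|onmouseup|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|onkeyup@si");
    $userInput = preg_replace($notallowedattribs, '', $userInput);
    $userInput = strip_tags($userInput, $allowedtags);
    return nl2br($userInput);
}

// Constructed probe inputs (not real traffic).
$probes = [
    // One pass removes the inner "onclick" and leaves "on" . "click" behind.
    'nested keyword'   => '<b ononclickclick="alert(1)">hi</b>',
    // Same trick against the scheme check: "java" . "script:" survives.
    'nested scheme'    => '<a href="javajavascript:script:alert(1)">x</a>',
    // onerror is not on the list, and <img> is an allowed tag, so it is kept verbatim.
    'unlisted handler' => '<img src=x onerror="alert(1)">',
    // No tags, no listed words: the filter returns SQL metacharacters unchanged.
    'sql metachars'    => "' OR '1'='1",
];

foreach ($probes as $label => $input) {
    printf("%-17s => %s\n", $label, cleanInputAsPosted($input));
}

// 1. Database side: bind the raw value instead of filtering the statement.
//    Constructed in-memory SQLite table; assumes pdo_sqlite is available.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (name TEXT, bio TEXT)");
$db->exec("INSERT INTO users VALUES ('alice', 'hello'), ('bob', 'world')");

$stmt = $db->prepare("SELECT name FROM users WHERE name = :name");
// The bound value is compared as a literal string; it cannot alter the query.
$stmt->execute([':name' => "' OR '1'='1"]);
var_dump($stmt->fetchAll(PDO::FETCH_COLUMN));

// 2. HTML side: keep the stored value raw and escape for the HTML context
//    at the moment it is rendered. (Hypothetical helper name.)
function renderBio(string $raw): string
{
    return '<p>' . htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

echo renderBio('<img src=x onerror="alert(1)">'), "\n";
```

Run it with `php example.php`. The first loop prints the probe inputs with the dangerous parts still present, the prepared statement returns an empty result set for the injected name, and renderBio() emits the <img> payload as inert text. If the application genuinely needs to accept a subset of HTML (the poster's allowed-tag list suggests it does), the remaining gap is an allow-list HTML sanitizer that parses the markup and drops every attribute it does not explicitly permit, rather than a blacklist applied to the raw string.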