That would be correct. but two things I have to add:
* it's called bad style to re-write (override) predefined vars like
_POST, _GET, _SERVER ...
* using strip_tags() to clean user-input for safe output ist not O.K.!
use htmlspecialchars(), at least.
Regards,
2009/3/28 Virgilio Quilario <virgilio.quilario@xxxxxxxxx>:
>> Hi all.
>>
>> I'm writing a script that accepts several different forms with different content. Depending on what data is sent with the form the script will do one or the other think.
>>
>> Before the form data is processed I'd like to scrub it of HTML tags.
>>
>> I can do this manually as below but the form may have dozens of items of data so I'd like to automate it.
>>
>> $_POST['name'] = strip_tags($_POST['name']);
>> $_POST['address'] = strip_tags($_POST['address']);
>> $_POST['phone'] = strip_tags($_POST['phone']);
>>
>> I saw a few lines of code once that used "foreach" on the $_POST array elements and it did not seem to matter how many or what names the elements had.
>>
>> Conceptually like this
>>
>> foreach ($_POST - element) {
>> $_POST-element = strip_tags($_POST-element)
>> }
>>
>> Any ideas please ?
>>
>> Thanks.
>>
>
> here,
>
> foreach ($_POST as $key => $value) {
> $_POST[$key] = strip_tags($value);
> }
>
> good luck.
>
> virgil
> http://www.jampmark.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
