hassank1 (posted April 14, 2008):

I was thinking that instead of real-escaping $_GET and $_POST manually each time, it's better to create a function that will be placed in (e.g. global.php [called on each page]) which will contain a function that takes the $_POST and/or $_GET elements (if any) and real_escape_string them. So is this a good idea, or does it have disadvantages? And would you please help to implement this function that will loop over every element and real_escape it? Thx.

p2grace (posted April 14, 2008):

What I usually do is have all get and post variables as an array and submit that to a function which cleans the array and submits the array back.

<?php
// Declared as a standalone function; a visibility keyword such as "private"
// is only valid when this is a method inside a class.
function cleandata($arr){
    $cleanarr = array();
    foreach($arr as $key => $value){
        // Escape each value for use in a MySQL string literal, then trim whitespace.
        $cleanarr[$key] = trim(mysql_real_escape_string($value));
    }
    return $cleanarr;
}
?>

hassank1 (posted April 14, 2008):

That's what I was looking for. Thx.

p2grace (posted April 14, 2008):

Just so you know, a really handy function for converting all the items returned from that function into variables is the extract() function. It'll convert all keys with their values to individual variables.

<?php
$data['name'] = "ted";
extract($data);
echo $name; // will display ted
?>

hassank1 (posted April 14, 2008):

Yeah, it could be useful. However, about the previous function: something like that will work, right? $_GET=cleandata($_GET)?

p2grace (posted April 14, 2008):

Hmm, it should work. I'm not sure how it will handle saving it back to the $_GET; otherwise you could just save it to an array and use the array name instead of $_GET.
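
Added example, not part of any post in this thread: the same "clean every request value in one place" idea, but trimming only and leaving SQL quoting to bound parameters through PDO, since mysql_real_escape_string() was removed in PHP 7.0 and only protects values that end up inside quoted string literals. It assumes the pdo_sqlite extension is available; the trimInput() helper, the table, its columns and the sample input are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension;
// the table, columns and sample request values are constructed.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

// Constructed request data standing in for $_POST.
$post = ['id' => '7', 'name' => "  O'Brien ", 'tags' => [' a ', 'b']];

// Normalise input once (trim only); escaping is left to the query layer.
function trimInput(array $arr): array
{
    $out = [];
    foreach ($arr as $key => $value) {
        // Form fields such as name="tags[]" arrive as nested arrays.
        $out[$key] = is_array($value) ? trimInput($value) : trim((string) $value);
    }
    return $out;
}

$input = trimInput($post);

// Values travel as bound parameters, so quotes never reach the SQL text.
$insert = $pdo->prepare('INSERT INTO users (id, name) VALUES (:id, :name)');
$insert->bindValue(':id', (int) $input['id'], PDO::PARAM_INT);
$insert->bindValue(':name', $input['name'], PDO::PARAM_STR);
$insert->execute();

$select = $pdo->prepare('SELECT name FROM users WHERE id = :id');
$select->bindValue(':id', (int) $input['id'], PDO::PARAM_INT);
$select->execute();
$name = $select->fetchColumn();

// The stored value is the original text, with no backslashes added;
// encode it for the output context (HTML here) at the point of output.
echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'), PHP_EOL;
```

Because the request array is left unescaped, the same values can be reused for HTML output, e-mail or logging without stray backslashes.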