
Sanitise User input


pck76


Hi All,

 

I was trying to write a function able to sanitise user input, to be used in a registration form.

 

So far I came up with the following:

 

if(isset($_POST['submit'])){

	// strip malicious code
	if(get_magic_quotes_gpc()) {
		$_POST = array_map('stripslashes', $_POST);
	}
	$_POST = array_map('trim', $_POST);
	$_POST = array_map('mysql_real_escape_string', $_POST);
	$_POST = array_map('strip_tags', $_POST);
}

 

This is supposed to sanitise all fields in the $_POST variable, but I'm sure I'm forgetting something else. Can you please advise?

Thanks

Patrick


@ gevans

 

To use mysql_real_escape_string, the connection needs to be already open?

 

@ Crayon

You're right, and probably I wasn't very clear - the purpose of that function is only to make sure the input is safe (e.g. no SQL injections, XSS attacks etc.); the data validation is in another function.

 

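An added example, not part of the thread or any poster's code: the two goals named above (SQL injection and XSS) handled per context, with bound parameters at the query and HTML escaping at output, instead of one pass over $_POST. It assumes PDO with an in-memory SQLite database; the table, field names and sample input are constructed for illustration.

```php
<?php
// Constructed sample of a submitted registration form (not from the thread).
$post = [
    'username' => "  O'Brien <script>alert(1)</script> ",
    'email'    => 'pat@example.com',
    'tags'     => ['a', 'b'],   // nested array: not a string, so string functions cannot be mapped over it
];

// Input handling: read only the expected fields, require strings, trim, store the value unmodified.
function read_fields(array $post, array $expected): array
{
    $clean = [];
    foreach ($expected as $name) {
        $value = $post[$name] ?? '';
        if (!is_string($value)) {
            throw new InvalidArgumentException("Field $name must be a string");
        }
        $clean[$name] = trim($value);
    }
    return $clean;
}

// SQL context: values travel as bound parameters, never as part of the SQL text.
function save_user(PDO $db, array $fields): void
{
    $stmt = $db->prepare('INSERT INTO users (username, email) VALUES (:username, :email)');
    $stmt->execute([':username' => $fields['username'], ':email' => $fields['email']]);
}

// HTML context: escape when the value is written into a page, not when it is received.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical schema, created in memory so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT, email TEXT)');

$fields = read_fields($post, ['username', 'email']);
save_user($db, $fields);

// The stored value still contains the quote and the tag; only the rendered output is escaped.
$row = $db->query('SELECT username, email FROM users')->fetch(PDO::FETCH_ASSOC);
echo '<td>' . h($row['username']) . '</td>', PHP_EOL;
```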

Archived

This topic is now archived and is closed to further replies.
