Odd Input Sanitation Problem

jjacquay712 · June 14, 2009

I have a function that I use to sanitize all post and get user input. The problem is it randomly throws in the characters "rn" to the data. Here is what my code looks like:

<?php
function sanitize($input) {
if ( is_array($input) ) {
	foreach ( $input as $title=>$data ) {
		$input[$title] = stripslashes(mysql_real_escape_string($data));
	}	
	return $input;
} else {
	return stripslashes(mysql_real_escape_string($input));	
}
}

$_POST = sanitize($_POST);
$_GET = sanitize($_GET);
?>

When I comment out the lines

$_POST = sanitize($_POST); 
$_GET = sanitize($_GET);

It works normally. I am using tinymce as a JavaScript text editor (if that might make a difference). Any ideas about what the problem might be?

Thanks, John

jxrd · June 14, 2009

Have you got a db connection, since you're using mysql_real_escape_string()?

cunoodle2 · June 14, 2009

What is some sample data that get the error? It may have to be with the input itself. "rn" are coming from formatting issues.

"\n" means a new line. Since you are stripping slashes it will yield simply a "n"

"\r" I believe has something to do with "tab" (or spaces??) and again stripping the slash out will yield just the single letter "r"

jjacquay712 · June 14, 2009

Yes i have a DB connection, ill try to remove the strip slashes and see if that works.

Sign In

Odd Input Sanitation Problem

Recommended Posts

jjacquay712

Link to comment

Share on other sites

jxrd

Link to comment

Share on other sites

cunoodle2

Link to comment

Share on other sites

jjacquay712

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information