Best way to clean a lot of inputs?


Rifts

Hey guys

 

I have a lot of inputs from my form. Is there a way I can do like a for each or something instead of having to write

 

$myusername = stripslashes($_POST['name']);

$mypassword = stripslashes($_POST['pass']);

$myusername = mysql_real_escape_string($myusername);

$mypassword = mysql_real_escape_string($mypassword);

 

.... for all 16 fields?

 

thanks

Link to comment
Share on other sites

write a function? =P

 

// strip slashes, then escape for use in a mysql_* query
function clean($var){
    $var=stripslashes($var);
    $var=mysql_real_escape_string($var);
    return $var;
}

$my=array();
foreach($_POST AS $row){
    $my[]=clean($row);
}

print_r($my);

 

^ not sure if foreach $_POST is a good idea... at least check if it exists first! xD

 

if the input fields had been named similar, like: my1, my2 etc. then you could just have

 

for($i=1;$i<17;$i++){
    $my[]=clean($_POST['my'.$i]);
}

Link to comment
Share on other sites

Sometimes I set up an array of variable names, then loop over that. Something like (simplified):

 

$pvars = array('fname','lname','address1','city','state','zip');

// only the field names listed above are read from $_POST
foreach ($pvars AS $a_pvar) {
     ${$a_pvar} = mysql_real_escape_string(stripslashes($_POST[$a_pvar]));
}

 

I don't simply loop over POST, because it scares me.

Link to comment
Share on other sites


ye!

 

so I also suggested:

 

if the input fields had been named similar, like: my1, my2 etc. then you could just have

 

for($i=1;$i<17;$i++){
    $my[]=clean($_POST['my'.$i]);
}

Link to comment
Share on other sites

Or if you sometimes use arrays and don't want to remove \ that are intentionally part of the data -

function escape_deep($value){
	if(is_array($value)){
		// recurse into nested arrays (e.g. name="items[]")
		return array_map('escape_deep', $value);
	}
	if(get_magic_quotes_gpc()){
		// remove only the slashes magic_quotes_gpc added
		$value = stripslashes($value);
	}
	// escape in both cases, whether or not magic quotes were on
	return mysql_real_escape_string($value);
}

$_POST = array_map('escape_deep', $_POST); // escape all the post data at once

Link to comment
Share on other sites
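
An added example, not code from any poster in this thread: the array-of-field-names approach from above, combined with a PDO prepared statement so that no per-field escaping or slash stripping is needed. The `users` table, the helper names `pick_fields` and `insert_row`, and the in-memory SQLite database are assumptions made so the snippet runs on its own; `$post` is constructed sample input standing in for `$_POST`.

```php
<?php
// Added example: allowlisted form fields bound through a prepared statement.
// Table name, helper names and the SQLite DSN are assumptions for illustration.

// Return only the expected fields. Unknown keys are dropped; missing or
// non-string values (e.g. name="city[]" sent as an array) become null.
function pick_fields(array $input, array $allowed): array
{
    $out = [];
    foreach ($allowed as $name) {
        $value = $input[$name] ?? null;
        $out[$name] = is_string($value) ? trim($value) : null;
    }
    return $out;
}

// Insert one row. $table and the column names must come from code (the
// allowlist), never from the request; only the values are bound parameters.
function insert_row(PDO $db, string $table, array $row): void
{
    $cols  = array_keys($row);
    $marks = array_map(fn($c) => ':' . $c, $cols);
    $sql   = sprintf('INSERT INTO %s (%s) VALUES (%s)',
                     $table, implode(', ', $cols), implode(', ', $marks));
    $db->prepare($sql)->execute($row);
}

$allowed = ['fname', 'lname', 'address1', 'city'];

// Constructed sample input standing in for $_POST
$post = [
    'fname'    => 'Conan',
    'lname'    => "O'Brien",               // quote that is part of the data
    'address1' => 'Unit 4\\B',             // backslash that is part of the data
    'city'     => ['unexpected', 'array'], // wrong type, stored as NULL
    'is_admin' => '1',                     // not in the allowlist, ignored
];

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (fname TEXT, lname TEXT, address1 TEXT, city TEXT)');

insert_row($db, 'users', pick_fields($post, $allowed));

// Show the stored row: values are kept as data, with no added or removed slashes
print_r($db->query('SELECT * FROM users')->fetchAll(PDO::FETCH_ASSOC));
```

Because the values travel separately from the SQL text, the same loop works for all 16 fields without `stripslashes` or `mysql_real_escape_string`, and extra keys in the request never reach the query.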

This thread is more than a year old.
