Best way to clean a lot of inputs?

Rifts · December 10, 2010

Hey guys

I have a lot of inputs from my form. Is there a way I can do like a for each or something instead of of having to write

$myusername = stripslashes($_POST['name');

$mypassword = stripslashes($_POST['pass']);

$myusername = mysql_real_escape_string($myusername);

$mypassword = mysql_real_escape_string($mypassword);

.... for all 16 fields?

thanks

MMDE · December 10, 2010

write a function? =P

function clean($var){
$var=stripslashes($var);
$var=mysql_real_escape_string($var);
return $var;
}

foreach($_POST AS $row){
$my[]=clean($row);
}

print_r($my);

^ not sure if foreach $_POST is a good idea... at least check if it exists first! xD

if the input fields had been named similar, like: my1, my2 etc. then you could just have

for($i=1;$i<17;$i++){

$my[]=clean($_POST['my'.$i]);

}

BlueSkyIS · December 10, 2010

Sometimes I set up an array of variable names, then loop over that. something like (simplified)

$pvars = array('fname','lname','address1','city','state','zip');

foreach ($pvars AS $a_pvar) {
     ${$a_pvar} = mysql_real_escape_string(strip_slashes($_POST[$a_pvar]));

}

I don't simply loop over POST, because it scares me.

MMDE · December 10, 2010

Sometimes I set up an array of variable names, then loop over that. something like (simplified)
$pvars = array('fname','lname','address1','city','state','zip');

foreach ($pvars AS $a_pvar) {
     ${$a_pvar} = mysql_real_escape_string(strip_slashes($_POST[$a_pvar]));

}
I don't simply loop over POST, because it scares me.

ye!

so I also suggested:

if the input fields had been named similar, like: my1, my2 etc. then you could just have

for($i=1;$i<17;$i++){

$my[]=clean($_POST['my'.$i]);

}

Rifts · December 10, 2010

I just did it this way

function clean($var){

$var=stripslashes($var);

$var=mysql_real_escape_string($var);

return $var;

}

and it worked great thanks

PFMaBiSmAd · December 10, 2010

Or if you sometimes use arrays and don't want to remove \ that are intentionally part of the data -

function escape_deep($value){
if(is_array($value)){
	$value = array_map('escape_deep', $value);
} else {
	if(get_magic_quotes_gpc()){
		$value = stripslashes($value);
	} else {
		$value = mysql_real_escape_string($value);
	}
}
    return $value;
}

$_POST = array_map('escape_deep', $_POST); // escape all the post data at once

Sign In

Best way to clean a lot of inputs?

Recommended Posts

Rifts

Link to comment

Share on other sites

MMDE

Link to comment

Share on other sites

BlueSkyIS

Link to comment

Share on other sites

MMDE

Link to comment

Share on other sites

Rifts

Link to comment

Share on other sites

PFMaBiSmAd

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information