
sanitizing form values


4 replies to this topic

#1 rbragg

  • Members
  • Advanced Member
  • 176 posts

Posted 26 October 2006 - 08:45 PM

Is it possible to apply strip_tags to all form objects at once in this manner:

foreach ($_POST as $key => $value) # put the values into session variables
{
    if ($key != "confirm")
    {
        $_SESSION[$key] = strip_tags($value);
    }
}

Any help would be greatly appreciated.  :)

#2 Orio

  • Staff Alumni
  • Advanced Member
  • 2,491 posts

Posted 26 October 2006 - 08:46 PM

Yes :)

Orio.
Think you're smarty?

(Gone until 20 to November)

#3 rbragg


Posted 26 October 2006 - 08:50 PM

Thanks for your reply. I enter something like <? robin ?> in my first name textfield. Although I have validation checking to make sure this field is not left empty, it displays an empty echo on my confirmation page.

Or maybe this is precisely how strip_tags functions? I thought that only the tags would be removed leaving me with "robin".  ???

#4 Orio


Posted 26 October 2006 - 09:00 PM

strip_tags() doesn't remove the tags, but escapes the characters.
From the manual:
This function tries to return a string with all HTML and PHP tags stripped from a given str

Orio.

#5 rbragg


Posted 26 October 2006 - 09:03 PM

Hmm... with that reasoning why would "robin" not be returned?
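
Added example, not part of the thread: strip_tags() deletes everything from an opening `<` to its closing `>`, so `<? robin ?>` is removed as one tag and an empty string is stored, while htmlspecialchars() escapes the characters and keeps the text. The function names and the sample input below are made up for illustration.

```php
<?php
// Added example, not code from the thread. All function names are hypothetical.

// strip_tags() only accepts a string, so nested fields (name="hobby[]")
// are walked recursively instead of being passed in as an array.
function strip_tags_deep($value)
{
    if (is_array($value)) {
        return array_map('strip_tags_deep', $value);
    }
    return strip_tags((string) $value);
}

// Same loop as in the first post, with the skipped keys as a parameter
// and a strict comparison so numeric keys are never mistaken for "confirm".
function collect_fields(array $post, array $skip = ['confirm'])
{
    $clean = [];
    foreach ($post as $key => $value) {
        if (in_array($key, $skip, true)) {
            continue;
        }
        $clean[$key] = strip_tags_deep($value);
    }
    return $clean;
}

// Escape for an HTML context at output time; nothing is deleted.
function e($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample input standing in for $_POST.
$post = [
    'first_name' => '<? robin ?>',
    'last_name'  => '<b>bragg</b>',
    'hobby'      => ['<i>chess</i>', 'go'],
    'confirm'    => 'yes',
];

$clean = collect_fields($post);
var_dump($clean['first_name']);        // the whole "<? ... ?>" span is gone
var_dump($clean['first_name'] === ''); // so the "not empty" check belongs here
var_dump($clean['last_name']);         // markup removed, text between tags kept
var_dump(e($post['first_name']));      // escaped instead: "robin" stays visible
```

The "required field" validation has to run on the stripped value, otherwise a field that contained only a tag passes the check and then echoes as empty on the confirmation page.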



