Comments on: Clean input variable PHP http://ditio.net/2008/06/29/clean-input-variable-php/ Practical guide to web development, marketing and programming Tue, 07 Sep 2010 06:17:00 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: Wilfred Sikel http://ditio.net/2008/06/29/clean-input-variable-php/comment-page-1/#comment-38024 Wilfred Sikel Wed, 14 Apr 2010 08:01:13 +0000 http://ditio.net/?p=26#comment-38024 Superb Post. Niftier then the simillar post I checked 2 days ago on Wordpress. Maintain the good work. Superb Post. Niftier then the simillar post I checked 2 days ago on WordPress. Maintain the good work.

]]> By: Matt http://ditio.net/2008/06/29/clean-input-variable-php/comment-page-1/#comment-32552 Matt Sun, 14 Feb 2010 07:01:53 +0000 http://ditio.net/?p=26#comment-32552 This is nice, however you're missing one important aspect... GET and POST arrays can have arrays as values, so this will fail to clean them (and may infact throw a PHP error as well). Recursive functions come in handy here... function __stripslashes($var) { $var = is_array($var) ? array_map('__stripslashes', $var) : stripslashes($var); return $var; } function __htmlspecialchars($var, $style) { $var = is_array($var) ? array_map('__htmlspecialchars', $var, array_fill(0, count($var), $style)) : htmlspecialchars($var, $style); return $var; } $_GET = __stripslashes($_GET); $_GET = __htmlspecialchars($_GET, ENT_QUOTES); This is nice, however you’re missing one important aspect… GET and POST arrays can have arrays as values, so this will fail to clean them (and may infact throw a PHP error as well).

Recursive functions come in handy here…
function __stripslashes($var)
{
$var = is_array($var) ? array_map(‘__stripslashes’, $var) : stripslashes($var);

return $var;
}
function __htmlspecialchars($var, $style)
{
$var = is_array($var) ? array_map(‘__htmlspecialchars’, $var, array_fill(0, count($var), $style)) : htmlspecialchars($var, $style);

return $var;
}
$_GET = __stripslashes($_GET);
$_GET = __htmlspecialchars($_GET, ENT_QUOTES);

]]> By: dave http://ditio.net/2008/06/29/clean-input-variable-php/comment-page-1/#comment-30663 dave Sat, 02 Jan 2010 21:32:32 +0000 http://ditio.net/?p=26#comment-30663 Jolly Joker. it does work. Thank you Charles. Jolly Joker. it does work. Thank you Charles.

]]> By: jolly joker http://ditio.net/2008/06/29/clean-input-variable-php/comment-page-1/#comment-30356 jolly joker Sat, 26 Dec 2009 02:52:41 +0000 http://ditio.net/?p=26#comment-30356 charlies solution is known to work, it never fails. charlies solution is known to work, it never fails.

]]> By: Charlie http://ditio.net/2008/06/29/clean-input-variable-php/comment-page-1/#comment-26113 Charlie Thu, 17 Sep 2009 16:39:02 +0000 http://ditio.net/?p=26#comment-26113 edit: the function is missing a "return $data;" line at the end. edit: the function is missing a “return $data;” line at the end.

]]> By: Charlie http://ditio.net/2008/06/29/clean-input-variable-php/comment-page-1/#comment-26112 Charlie Thu, 17 Sep 2009 16:38:19 +0000 http://ditio.net/?p=26#comment-26112 @Gustavo and everyone else You can simplify, you don't need to assign the variable to a variable to the function results. i.e. instead of <code>$cleanPost = array_map(’confHtmlEnt’, $_GET); $_GET=$cleanPost;</code> do <code>$_GET = array_map(’confHtmlEnt’, $_GET);</code> A nice function is <code> function cleanData($data) { $data = trim($data); $data = htmlentities($data); $data = mysql_real_escape_string($data); } $_POST = array_map('cleanData', $_POST); </code> @Gustavo and everyone else

You can simplify, you don’t need to assign the variable to a variable to the function results. i.e. instead of

$cleanPost = array_map(’confHtmlEnt’, $_GET);
$_GET=$cleanPost;

do

$_GET = array_map(’confHtmlEnt’, $_GET);

A nice function is


function cleanData($data) {
$data = trim($data);
$data = htmlentities($data);
$data = mysql_real_escape_string($data);
}

$_POST = array_map('cleanData', $_POST);

]]> By: Gustavo http://ditio.net/2008/06/29/clean-input-variable-php/comment-page-1/#comment-24354 Gustavo Sun, 09 Aug 2009 05:34:43 +0000 http://ditio.net/?p=26#comment-24354 Thanks Greg, That is what i was looking for,not perfect but enough; now i can use GET,POST with more confidence, doing something simple: function confHtmlEnt($data) {...} $cleanPost = array_map('confHtmlEnt', $_GET); $_GET=$cleanPost; And avoid analizing my vars case by case. Thanks Greg,
That is what i was looking for,not perfect but enough; now i can use GET,POST with more confidence, doing something simple:

function confHtmlEnt($data)
{…}

$cleanPost = array_map(‘confHtmlEnt’, $_GET);
$_GET=$cleanPost;
And avoid analizing my vars case by case.

]]> By: sector http://ditio.net/2008/06/29/clean-input-variable-php/comment-page-1/#comment-23789 sector Fri, 31 Jul 2009 08:28:28 +0000 http://ditio.net/?p=26#comment-23789 Great post about variable cleaning! I've been usually cleaning the input already when storing it to a variable, this way I don't have to worry about it anymore. However, in some cases I might want to be able to see what the user has really entered. Great post about variable cleaning! I’ve been usually cleaning the input already when storing it to a variable, this way I don’t have to worry about it anymore. However, in some cases I might want to be able to see what the user has really entered.

]]>