Cleaning all $_POST or $_GET - error in code
Posted: Sun Jan 30, 2011 8:59 am
Hello, I'm trying to make a function that cleans all the $_POST or $_GET varaibles and puts them into a nice $CleanVars array for me. But I'm getting the error: Parse error: syntax error, unexpected ')', expecting T_PAAMAYIM_NEKUDOTAYIM in /site_functions/main.functions.php on line 136
Line 136 is "foreach($_POST as $key=>value)" and it seems the error is about missing double dots? But I'm lost as to how to fix it.
Any ideas, or does anyone have a decent script that cleans all the $_GET, $_POST vars to prevent XSS and sql attacks?
Richard
Line 136 is "foreach($_POST as $key=>value)" and it seems the error is about missing double dots? But I'm lost as to how to fix it.
Any ideas, or does anyone have a decent script that cleans all the $_GET, $_POST vars to prevent XSS and sql attacks?
Richard
Code: Select all
function ba_clean_all_vars($type) {
if($type=="POST") {
foreach($_POST as $key=>value) {
$notclean = array_map("stripslashes",$value);
$notclean = array_map("mysql_real_escape_string",$notclean);
$nowclean[$key] = $notclean;
}
} else {
foreach($_GET as $key=>value) {
$notclean = array_map("stripslashes",$value);
$notclean = array_map("mysql_real_escape_string",$notclean);
$nowclean[$key] = $notclean;
}
}
return $nowclean;
}
Code: Select all
$CleanVars = ba_clean_all_vars('POST');