So you can iterate the results of func_get_args() and re-assign them???
I swear I tried that but maybe it was just too late and I missed something. Anyways, I just wanted a semi-automated method of securing arguments before sending to my query.
Each time the schema changed I would have to make sure I added that argument to the list like:
Code:
$name = mysql_real_escape_string($name);
$age = mysql_real_escape_string($age);
$bday = mysql_real_escape_string($bday);
What I found was happening though, was that I would occasionally *miss* an argument altogether or would mistype one like:
Code:
$name = mysql_real_escape_string($name);
$age = mysql_real_escape_string($age);
$bday = mysql_real_escape_string($name); // Bad!!
Ideally I wanted to avoid using loops or anything and simply wanted to call a function with each argument in the parameter list clearly visible for the sake of clarity and explicitness. I eventually devised this as a solution which works and keeps things a little more obvious IMHO.
Code:
/** START: SECURE PARAMETERS **/
list($udate, $ddate, $sent, $recv, $open, $status, $layout, $subject, $htmlbody) =
    _sane($udate, $ddate, $sent, $recv, $open, $status, $layout, $subject, $htmlbody);
/** FINISH: SECURE PARAMETERS **/
Code:
function _sane()
{
    // Escape every argument and return them in the same order
    $args = func_get_args();
    return array_map('mysql_real_escape_string', $args);
}
Less automated than if I iterated through the func_get_args() but it's clear.
I'm not sure I see how you mean when you say the arguments become fully mutable???
Can you demonstrate with code so I get what you're saying?
Here is what I tried previously but it doesn't work - can't use a reference on the func_*
Code:
$cnt = func_num_args();
for ($i = 0; $i < $cnt; $i++) {
    // Does not work: func_get_arg() returns a copy, so a reference cannot be taken
    $tmp =& func_get_arg($i);
    $tmp = mysql_real_escape_string($tmp);
}
How else could you do it?
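One other way to do it, as an added example that is not part of the original post: bind the values with a PDO prepared statement and check the parameter names against a fixed column list, so a forgotten or mistyped argument raises an error instead of reaching the query unescaped. The table `people`, the helper `save_person()`, the constant `PERSON_COLUMNS` and the sample values are hypothetical, and the in-memory SQLite database (pdo_sqlite extension) only stands in for MySQL so the script runs on its own.

```php
<?php
// Added example: hypothetical names and constructed sample values.
// The one place the column list lives; update it when the schema changes.
const PERSON_COLUMNS = ['name', 'age', 'bday'];

function save_person(PDO $db, array $row): int
{
    // A missing or misspelled key is rejected before any SQL is run.
    $missing = array_diff(PERSON_COLUMNS, array_keys($row));
    $unknown = array_diff(array_keys($row), PERSON_COLUMNS);
    if ($missing || $unknown) {
        throw new InvalidArgumentException(
            'missing: [' . implode(', ', $missing) . '] unknown: [' . implode(', ', $unknown) . ']'
        );
    }
    // Only the fixed column names are placed in the SQL text.
    // Values travel separately as bound parameters, so no escaping is needed.
    $sql = sprintf(
        'INSERT INTO people (%s) VALUES (:%s)',
        implode(', ', PERSON_COLUMNS),
        implode(', :', PERSON_COLUMNS)
    );
    $db->prepare($sql)->execute($row);
    return (int) $db->lastInsertId();
}

// In-memory database so the example is self-contained.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT, age INTEGER, bday TEXT)');

// Constructed sample input; the quote character is stored verbatim.
$name = "O'Brien";
$age  = 34;
$bday = '1990-02-14';
$id = save_person($db, compact('name', 'age', 'bday'));

$check = $db->prepare('SELECT name FROM people WHERE id = ?');
$check->execute([$id]);
var_dump($check->fetchColumn() === $name);

// Forgetting an argument is caught instead of silently skipped.
try {
    save_person($db, compact('name', 'age'));
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```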