input process with php - doubt

nithyavivegam
Forum Newbie
Posts: 4
Joined: Fri Oct 31, 2008 10:16 am

input process with php - doubt

Post by nithyavivegam »

I wrote a small function called "sanitize_input" when I had a problem with double quotes ( " ) and single quotes ( ' ), which did not let my input be updated in the database.

I call this function, passing the POST and GET global variables, before updating the input to the database. I am not using cookies or sessions extensively, so POST and GET are enough for me. I wanted to know whether I am doing it correctly, or whether I have to do this in a better way.

sanitize_input($_POST);
sanitize_input($_GET);

Code:

if ( ! get_magic_quotes_gpc() ) 
{
    function sanitize_input(&$arr) {    
        foreach($arr as $key=>$value) 
        {           
            if (is_array($value)) 
            {
                sanitize_input($value);
            }           
            $arr[$key] = addslashes($value);            
        }       
    }
}
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: input process with php - doubt

Post by requinix »

Couple minor issues with your code, but the main point is that you should be using the right function instead of addslashes. For example, with MySQL you should use mysql_real_escape_string to sanitize data.

Code:

if (PHP_VERSION < 6 && get_magic_quotes_gpc()) // magic_quotes was removed in PHP 6
{
    function mres_deep(&$arr)
    {
        foreach ($arr as $key => $value)
        {
            if (is_array($value))
            {
                $arr[$key] = mres_deep($value);
            }
            else
            {
                $arr[$key] = mysql_real_escape_string($value);
            }
        }
    }
    mres_deep($_POST);
    mres_deep($_GET);
    mres_deep($_COOKIE);
}
nithyavivegam
Forum Newbie
Posts: 4
Joined: Fri Oct 31, 2008 10:16 am

Re: input process with php - doubt

Post by nithyavivegam »

Thank you very much! tasairis

Code:

$arr[$key] = mres_deep($value);
Your code at line no. 9 has a problem.

I am sure the function doesn't return anything but you have tried to assign the return value.
I think that overwrites the existing value and results in a loss of data.
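
The problem raised in the last post, as an added example that is not part of the original thread: a by-reference function with no return statement evaluates to NULL, so assigning its result replaces each nested array with NULL. The function names and the `$escape` parameter are assumptions for illustration; `addslashes` stands in for the database driver's escaping function only so the script runs without a database connection.

```php
<?php
// Added example, not code from the thread. $escape is a hypothetical parameter:
// pass the escaping function that matches your database driver.

// Same pattern as line 9 of the reply: the result of a function that returns
// nothing is assigned back, which stores NULL over the nested array.
function escape_deep_buggy(array &$arr, $escape)
{
    foreach ($arr as $key => $value) {
        if (is_array($value)) {
            $arr[$key] = escape_deep_buggy($value, $escape); // no return value
        } else {
            $arr[$key] = call_user_func($escape, $value);
        }
    }
}

// Corrected recursion: descend into the element itself by reference and
// assign nothing, so nested arrays are escaped in place and kept.
function escape_deep(array &$arr, $escape)
{
    foreach ($arr as $key => $value) {
        if (is_array($value)) {
            escape_deep($arr[$key], $escape);
        } else {
            $arr[$key] = call_user_func($escape, (string) $value);
        }
    }
}

// Constructed sample input shaped like a $_POST array with nested fields.
$input = array(
    'name' => "O'Reilly",
    'tags' => array('a"b', array('deep' => "it's")),
);

$buggy = $input;
$fixed = $input;
escape_deep_buggy($buggy, 'addslashes'); // stand-in escaper (assumption)
escape_deep($fixed, 'addslashes');

echo "buggy:\n";
var_export($buggy);
echo "\nfixed:\n";
var_export($fixed);
echo "\n";
```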