input process with php - doubt

Posted: Fri Oct 31, 2008 10:32 am
by nithyavivegam
I wrote a small function called "sanitize_input" when I had a problem with double quotes ( " ) and single quotes ( ' ) which did not let my input be updated in the database.

I call this function, passing the POST and GET global variables, before updating the input to the database. I am not using cookies or sessions extensively, so POST and GET are enough for me. I wanted to know whether I am doing it correctly, or whether I have to do this in a better way.

sanitize_input($_POST);
sanitize_input($_GET);

if ( ! get_magic_quotes_gpc() )
{
    // Walk the array by reference so nested arrays are escaped in place as well
    function sanitize_input(&$arr) {
        foreach($arr as $key=>$value)
        {
            if (is_array($value))
            {
                sanitize_input($arr[$key]);   // recurse on the real element, not on a copy
            }
            else
            {
                $arr[$key] = addslashes($value);
            }
        }
    }
}

Re: input process with php - doubt

Posted: Fri Oct 31, 2008 2:59 pm
by requinix
A couple of minor issues with your code, but the main point is that you should be using the right function instead of addslashes. For example, with MySQL you should use mysql_real_escape_string to sanitize data.

// escape only when magic_quotes has not already added slashes; magic_quotes was removed in PHP 6
if (PHP_VERSION < 6 && !get_magic_quotes_gpc())
{
    function mres_deep(&$arr)
    {
        foreach ($arr as $key => $value)
        {
            if (is_array($value))
            {
                $arr[$key] = mres_deep($value);
            }
            else
            {
                $arr[$key] = mysql_real_escape_string($value);
            }
        }
    }
    mres_deep($_POST);
    mres_deep($_GET);
    mres_deep($_COOKIE);
}

Re: input process with php - doubt

Posted: Sat Nov 01, 2008 4:28 am
by nithyavivegam
Thank you very much, tasairis!

$arr[$key] = mres_deep($value);

Your code at line no. 9 has a problem.

I am sure the function doesn't return anything, but you have tried to assign the return value.
I think that overwrites the existing value and results in a loss of data.
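An added example, not code from either poster, covering both points raised in this thread: the deep walk must write its result back at every level (the dropped return value noted above), and escaping at input time is the weaker option compared with binding values at query time. The sample input is constructed; addslashes and an in-memory SQLite database are used only so the snippet runs without a MySQL server.

```php
<?php
// Added example (not the thread's code). Two points from the discussion:
// (1) a deep walk over $_POST/$_GET has to write the result back at every
//     level, otherwise nested arrays are silently left untouched;
// (2) escaping input on entry ties the data to one database's quoting rules,
//     so the preferred fix is to keep raw input and bind it at query time.

// Deep walk that returns a new array, so nested results are never dropped.
// $escape is whatever the driver provides, e.g. [$mysqli, 'real_escape_string'].
function escape_deep(array $arr, callable $escape): array
{
    $out = [];
    foreach ($arr as $key => $value) {
        $out[$key] = is_array($value)
            ? escape_deep($value, $escape)
            : $escape((string) $value);
    }
    return $out;
}

// Constructed sample standing in for $_POST. addslashes is used here only so
// the snippet runs without a MySQL connection; it is not a substitute for the
// driver's own escaper.
$input = ['name' => "O'Brien", 'tags' => ['say "hi"', "it's"]];
print_r(escape_deep($input, 'addslashes'));

// Preferred: leave the globals alone and bind values with placeholders.
// An in-memory SQLite database keeps this offline; with MySQL only the DSN
// changes ('mysql:host=...;dbname=...'), the prepare/execute is the same.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

function insert_user(PDO $pdo, string $name): int
{
    $stmt = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);   // quotes in $name never reach the SQL text
    return (int) $pdo->lastInsertId();
}

$id = insert_user($pdo, $input['name']);
$stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
$stmt->execute([':id' => $id]);
var_dump($stmt->fetchColumn() === $input['name']);   // the quote survived the round trip unchanged
```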