
hardening an array

Posted: Tue Jan 18, 2005 11:11 am
by magicrobotmonkey
Here's the scenario. I've got an array of items for lookup in a db. I want to be able to go

Code:

$findIn = implode("', '", $arrayItems);
$query = "SELECT * FROM `table` WHERE `ID` IN ('".$findIn."');";

I can't just do this, though, because the array of items came from user input. Specifically, from a text box exploded into the array. I can't addslashes before putting items into the array because I do all sorts of comparisons and whatnot on the array before it gets to this point. I don't want to loop through it because it could be big and I am trying to be optimal. I obviously can't addslashes after the implosion because I'm putting those quotes in there, which I need because it is an alphanumeric field and could have spaces.

So, any ideas?

Posted: Tue Jan 18, 2005 11:15 am
by malcolmboston
Can't you addslashes also on the data you're comparing it to?

Posted: Tue Jan 18, 2005 11:33 am
by feyd
array_walk() maybe?

Posted: Tue Jan 18, 2005 12:51 pm
by magicrobotmonkey
Malcolm: once you start adding/stripping slashes unnecessarily, things just go downhill

feyd: close, but because it now passes the values and the keys, the built-in stripslashes didn't like the number of params. I used array_map instead:

Code:

$findIn = implode("', '",array_map('addslashes', $arrayItems));
$query = "SELECT * FROM `table` WHERE `ID` IN ('".$findIn."');";

Right idea though. Next time I'll read the ol' manual first....
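
An alternative to the addslashes approach in the thread, added here as an example that is not part of any post: addslashes is not aware of the connection character set or the database's own quoting rules, so binding each array item as a query parameter keeps user input out of the SQL text entirely. The `items` table, its columns, the `findByIds` helper, the sample rows and the in-memory SQLite database (via PDO) are assumptions made so the example runs on its own.

```php
<?php
// Added example: one "?" placeholder per array item instead of escaped, quoted literals.
// Table name, columns, helper name and sample data are constructed for illustration.

function findByIds(PDO $pdo, array $ids, int $chunkSize = 500): array
{
    // Trim, drop empty strings and duplicates, then reindex for positional binding.
    $ids = array_values(array_unique(array_filter(array_map('trim', $ids), 'strlen')));

    $rows = [];
    // Chunking keeps large lists under the driver's bound-parameter limit.
    // An empty list yields no chunks, so the invalid "IN ()" is never sent.
    foreach (array_chunk($ids, $chunkSize) as $chunk) {
        $placeholders = implode(', ', array_fill(0, count($chunk), '?'));
        $stmt = $pdo->prepare("SELECT id, name FROM items WHERE id IN ($placeholders)");
        $stmt->execute($chunk); // values travel separately from the SQL text
        $rows = array_merge($rows, $stmt->fetchAll(PDO::FETCH_ASSOC));
    }
    return $rows;
}

// Constructed database standing in for the real one.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE items (id TEXT PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO items VALUES ('A 1', 'first'), ('B2', 'second'), ('O''Neil', 'third')");

// Constructed text-box input, exploded into an array as in the first post.
// The last item contains quotes and SQL keywords; it is bound as a plain
// string, compared literally against the id column, and matches no row.
$input = "A 1, O'Neil, x') OR ('1'='1";
$rows  = findByIds($pdo, explode(',', $input));

foreach ($rows as $row) {
    echo $row['id'], ' => ', $row['name'], PHP_EOL;
}

// An empty text box produces an empty result rather than a SQL error.
var_dump(findByIds($pdo, explode(',', '')) === []);
```

The only string interpolated into the query is the run of `?` placeholders, whose count comes from `count($chunk)` and never from the user's text.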