
Any difference in these sanitizing methods?

Posted: Tue Jul 29, 2008 10:55 am
by big0mike
I got this from the book I'm reading PHP Solutions:

<?php
function nukeMagicQuotes() {
  if (get_magic_quotes_gpc()) {
    function stripslashes_deep($value) {
      $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value);
      return $value;
      }
    $_POST = array_map('stripslashes_deep', $_POST);
    $_GET = array_map('stripslashes_deep', $_GET);
    $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
    }
  }
?>

The page source page has an include for this page and then it calls the function.

The second way was some code offered to me through the WD mailing list:

// Initialize $input alias:
$input = array();
// Clean all input:
if (ini_get('magic_quotes_gpc')) {
    foreach ($_POST as $k => $v) {
        $input[$k] = trim(strip_tags(stripslashes($v)));
    }
} else {
    foreach ($_POST as $k => $v) {
        $input[$k] = trim(strip_tags($v));
    }
}

I don't know enough to know if either method is better or worse but since I see different code I have to ask. I, of course, want to use the better method... If there is one.

Thanks,

Re: Any difference in these sanitizing methods?

Posted: Tue Jul 29, 2008 12:08 pm
by Mordred
The second is rubbish, throw it away.
The first works, for a given value of "works".
Dig through this: viewtopic.php?f=50&t=74859
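
An added example, not part of either post: it runs the two approaches from the question over the same constructed input, with magic quotes simulated by addslashes(), and prints what each one restores, changes or skips. The names map_deep and strip_and_trim and the sample data are assumptions made for this illustration.

```php
<?php
// Added illustration, not code from the thread. Sample input is constructed.

// Hypothetical helper: apply a string function to every leaf of a nested array.
function map_deep($fn, $value) {
    return is_array($value)
        ? array_map(function ($v) use ($fn) { return map_deep($fn, $v); }, $value)
        : $fn($value);
}

// Approach 2 from the question (its magic-quotes branch), for one string value.
function strip_and_trim($v) {
    return trim(strip_tags(stripslashes($v)));
}

// Constructed request data.
$raw = array(
    'name'    => "O'Reilly",
    'comment' => 'price<10 is "cheap"',
    'tags'    => array("it's", 'a\\b'),   // as sent by tags[]=...&tags[]=...
);

// Simulate magic_quotes_gpc, which ran addslashes() on every incoming value.
$escaped = map_deep('addslashes', $raw);

// Approach 1: undo the escaping everywhere, change nothing else.
$restored = map_deep('stripslashes', $escaped);
echo "approach 1 round-trips input: ";
var_export($restored === $raw);
echo "\n";

// Approach 2: top-level values only; it calls stripslashes() on the value
// itself, so array values are reported here instead of being passed in.
foreach ($escaped as $k => $v) {
    if (is_array($v)) {
        echo "approach 2 [$k]: array value, not handled\n";
        continue;
    }
    $out = strip_and_trim($v);
    echo "approach 2 [$k]: ", var_export($out, true),
         ($out === $raw[$k] ? " (unchanged)" : " (differs from what was sent)"), "\n";
}
```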