I don’t have access to PHP 5, so I can’t use any of the new FILTER functions. However, I want to filter the data coming into my forms to prevent attacks. Is there a reference of pre-written scripts I can use or would I be better off writing my own functions that clean the data?
[code=php]
//-------- POST Func ---------------//
function sanitizepost(&$input) {
    foreach ($input as $key => $value) {
        // Placeholder: swap somefilterfunction() for the filter code to apply to $value
        $filteredvar = somefilterfunction($value);
        // ===== Filtered input reassign ==== //
        $input[$key] = $filteredvar;
    }
}
[/code]
[code=php]
function sanitizepost(&$input) {
    foreach ($input as $key => $value) {
        $filteredvar=stripslashes(stripslashes(ereg_replace("[^A-Za-z0-9[:space:]]","",$input)));
        // ===== Filtered input reassign ==== //
        $input[$key]=$filteredvar;
    }
}
[/code]
$filteredvar=stripslashes(stripslashes(ereg_replace("[^A-Za-z0-9[:space:]]","",[B]$value[/B])));
// ===== Filtered input reassign ==== //
$input[$key]=$filteredvar;
}
This is the issue with one-size-fits-all approaches such as this. It is too inflexible. You are usually better off applying appropriate rules to each data item individually.
You can identify each item individually if you want to, just by referencing the $key...
Kind of defeats the purpose of a function if it can only be used with one set of data. I favour the approach of having a selection of functions which each perform one type of filtering, then calling them as necessary. A function such as the one posted here is going to be far too extreme in a lot of cases.
I have my current function working drastically different on 4 different data sets.
I'd venture that a function should concentrate on doing one thing only, and doing it well. If it were me, I'd have 4 specialist functions rather than one multi-purpose one. I suppose it's largely a matter of taste. My point really is to advise against blindly running any and all input through a heavy-handed function and assuming you're good to go.
[code=php]
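function sanitizepost(&$input) {
    foreach ($input as $key => $value) {
        // Skip the checkbox fields. This must be && (not ||): with ||, the
        // test is true for every key, so the checkboxes would be filtered too.
        if ($key != "Checkbox1" && $key != "Checkbox2") {
            $filteredvar=stripslashes(stripslashes(ereg_replace("[^A-Za-z0-9[:space:]]","",$value)));
            // ===== Filtered input reassign ==== //
            $input[$key]=$filteredvar;
        }
    }
}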
[/code]
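The "one specialist function per data type, chosen per field" approach argued for in the replies above, as an added example that is not code from any poster in this thread. The field names, function names and sample input are hypothetical, and it uses `preg_*` (available in PHP 4) in place of `ereg_replace`.

```php
<?php
// Added example: one small filter per data type, selected per field by a rules map.
// All names here are hypothetical; $post is constructed sample data.

function filter_alnum($v)    { return preg_replace('/[^A-Za-z0-9\s]/', '', $v); }
function filter_int($v)      { return preg_match('/^-?[0-9]{1,9}\z/', $v) ? (int)$v : null; }
function filter_checkbox($v) { return ($v === 'on' || $v === '1') ? 1 : 0; }
function filter_email($v) {
    // Conservative pattern; \z (not $) so a trailing newline cannot slip through.
    return preg_match('/^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\z/', $v) ? $v : null;
}

// Returns a new array holding only the fields named in $rules.
// A value that fails its filter becomes null so the caller can reject the form.
function sanitize_fields($input, $rules) {
    $clean = array();
    foreach ($rules as $key => $filter) {
        // Unchecked checkboxes are simply absent from the submission.
        $value = isset($input[$key]) ? $input[$key] : '';
        if (!is_string($value)) {      // e.g. name[]=x arrives as an array
            $clean[$key] = null;
            continue;
        }
        $clean[$key] = call_user_func($filter, trim($value));
    }
    return $clean;
}

$rules = array(
    'name'      => 'filter_alnum',
    'age'       => 'filter_int',
    'email'     => 'filter_email',
    'Checkbox1' => 'filter_checkbox',
    'Checkbox2' => 'filter_checkbox',
);

// Constructed sample standing in for $_POST.
$post = array(
    'name'      => "O'Brien <b>",
    'age'       => '42; DROP',
    'email'     => 'user@example.com',
    'Checkbox1' => 'on',
    'extra'     => 'not in the rules map, so it is dropped',
);

var_dump(sanitize_fields($post, $rules));
```

Because the result is built from the rules map rather than from the submitted keys, unexpected fields never reach the rest of the script, and each field gets only the strictness its data type needs.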