Re: Writing to $_POST array

on 12.10.2009 17:17:45 by Jay Ess

hessiess@hessiess.com wrote:
> I have some code which will loop over the whole $_POST array, runs it
> through mysql_real_escape_string and then writes it all back to the array
> again, which seems to work. Are there any incompatibility problems or such
> like with writing into the $_POST or $_GET array?
>
> function clean_post()
> {
>     $npost = array();
>
>     while ($value = current($_POST))
>     {
>         $key = key($_POST);
>         $npost += array("$key" => mysql_real_escape_string($value));
>         next($_POST);
>     }
>
>     $_POST = $npost;
> }

There could be problems when introducing slashes if you use other
people's code. But if this is for your own code it probably won't matter.

And here is a shorter version of your code:
foreach ($_POST as $key => $val)
    $_POST[$key] = mysql_real_escape_string($val);

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Writing to $_POST array

on 12.10.2009 17:35:59 by List Manager

Jay Ess wrote:
> hessiess@hessiess.com wrote:
>> I have some code which will loop over the whole $_POST array, runs it
>> through mysql_real_escape_string and then writes it all back to the array
>> again, which seems to work. Are there any incompatibility problems or
>> such like with writing into the $_POST or $_GET array?
>>
>> function clean_post()
>> {
>>     $npost = array();
>>
>>     while ($value = current($_POST))
>>     {
>>         $key = key($_POST);
>>         $npost += array("$key" => mysql_real_escape_string($value));
>>         next($_POST);
>>     }
>>
>>     $_POST = $npost;
>> }
>
> There could be problems when introducing slashes if you use other
> people's code. But if this is for your own code it probably won't matter.
>
> And here is a shorter version of your code:
> foreach ($_POST as $key => $val)
>     $_POST[$key] = mysql_real_escape_string($val);
>

But, first, you need to use get_magic_quotes_gpc() to see if magic_quotes_gpc is
turned on. If so, you need to run stripslashes() on your variables before you
run the mysql_real_escape_string() on them.


if ( get_magic_quotes_gpc() ) {
    $_POST = array_map('stripslashes', $_POST);
}
$_POST = array_map('mysql_real_escape_string', $_POST);



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Writing to $_POST array

on 12.10.2009 17:51:24 by hessiess

I have some code which will loop over the whole $_POST array, runs it
through mysql_real_escape_string and then writes it all back to the array
again, which seems to work. Are there any incompatibility problems or such
like with writing into the $_POST or $_GET array?

function clean_post()
{
    $npost = array();

    while ($value = current($_POST))
    {
        $key = key($_POST);
        $npost += array("$key" => mysql_real_escape_string($value));
        next($_POST);
    }

    $_POST = $npost;
}




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
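
Added example (not part of any message in this thread): the while/current() loop from the original post, run against a constructed form submission that contains a falsy value and a nested array, next to a version that visits every element. escape_stub() is a hypothetical stand-in for mysql_real_escape_string() so the code runs without a database connection; clean_with_current() and clean_recursive() are likewise assumed names.

```php
<?php
// Stand-in for mysql_real_escape_string() (assumption: keeps the example
// runnable without a database connection).
function escape_stub($value)
{
    return addslashes($value);
}

// The original post's loop, taking the array as a parameter instead of $_POST.
function clean_with_current(array $in)
{
    $out = array();
    // current() returns the element's value, so the loop ends at the first
    // value PHP treats as false ('' or '0'), not only at the end of the array.
    // Every field after that value is missing from $out.
    while ($value = current($in)) {
        $out[key($in)] = escape_stub($value);
        next($in);
    }
    return $out;
}

// Visits every element and recurses into nested arrays, which PHP builds
// for form fields named like tags[].
function clean_recursive($in)
{
    if (is_array($in)) {
        return array_map('clean_recursive', $in); // string keys are preserved
    }
    return escape_stub((string) $in);
}

// Constructed sample of a submitted form.
$post = array(
    'name'       => "O'Brien",
    'newsletter' => '0',
    'comment'    => "it's fine",
    'tags'       => array("a'b", 'c'),
);

print_r(clean_with_current($post)); // loop from the original post
print_r(clean_recursive($post));    // every field, nested values included
```

The flat array_map('stripslashes', $_POST) calls in the replies meet the same nested-array case: stripslashes() expects a string, so a field such as tags[] needs the recursive form.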

RE: Writing to $_POST array

on 12.10.2009 18:09:03 by Andrea Giammarchi

> But, first, you need to use get_magic_quotes_gpc() to see if magic_quotes_gpc is
> turned on. If so, you need to run stripslashes() on your variables before you
> run the mysql_real_escape_string() on them.
>
>
> if ( get_magic_quotes_gpc() ) {
>     $_POST = array_map('stripslashes', $_POST);
> }
> $_POST = array_map('mysql_real_escape_string', $_POST);

I would totally remove magic_quotes_gpc rather than this for each request:

if ( get_magic_quotes_gpc() ) {
    $_GET = array_map('stripslashes', $_GET);
    $_POST = array_map('stripslashes', $_POST);
    // $_REQUEST = array_map('stripslashes', $_REQUEST);
    $_COOKIE = array_map('stripslashes', $_COOKIE); // the superglobal is $_COOKIE, not $_COOKIES
}

There is a reason magic_quotes has been removed from the PHP defaults for ages.

Regards