> On Jan 21, 2008 3:22 AM, nihilism machine <[EMAIL PROTECTED]> wrote: > > I'm trying to create a function that will first take an array of > > $_POSTs and give them key/value pairs like variables. For instance, if > > i had $_POST['whatever'] = "whatever", that would be made into > > $whatever = "whatever", then i can clean for sql injection and xss. > > any ideas here?
i use a combination of php.net/filter, bounds checking for integers/etc, appropriate text escaping (i.e. like mysql_escape_string) prior to any db queries with text data, intval($var) on anything needing to be converted to integer (although filter will do that for you too) also - suhosin might help with some things. i run both the patch and the module. > Consider usage of a 3rd party lib like Inspekt: > http://code.google.com/p/inspekt/ i'll look at this too, thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
