I thought about putting my usual warning in there, but I thought it
would be simpler to leave it as originally written.
/**
* A really nice tool to clean strings or arrays.
*
* @param mixed $mxdInput A string or an array
* @return mixed same as input, but with trim and strip_tags applied
to string or all elements of array, depending on imput format
* @author Walter Lee Davis
*/
function clean($mxdInput){
if(is_string($mxdInput)) return trim(strip_tags($mxdInput));
$out = array();
foreach($mxdInput as $k=>$v){
$out[$k] = clean($v);
}
return $out;
}
$_POST = clean($_POST);
Walter
On Nov 11, 2008, at 1:57 PM, Alex Mcauley wrote:
> just FYI i really would not use unsanitized $_POST data in the
> search, it
> can lead to SQL injection
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Prototype & script.aculo.us" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/prototype-scriptaculous?hl=en
-~----------~----~----~----~------~----~------~--~---
