I thought about putting my usual warning in there, but I thought it  
would be simpler to leave it as originally written.

/**
  * A really nice tool to clean strings or arrays.
  *
  * @param mixed $mxdInput A string or an array
  * @return mixed same as input, but with trim and strip_tags applied  
to string or all elements of array, depending on imput format
  * @author Walter Lee Davis
  */

function clean($mxdInput){
        if(is_string($mxdInput)) return trim(strip_tags($mxdInput));
        $out = array();
        foreach($mxdInput as $k=>$v){
                $out[$k] = clean($v);
        }
        return $out;
}

$_POST = clean($_POST);

Walter

On Nov 11, 2008, at 1:57 PM, Alex Mcauley wrote:

> just FYI i really would not use unsanitized $_POST data in the  
> search, it
> can lead to SQL injection


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Prototype & script.aculo.us" group.
To post to this group, send email to prototype-scriptaculous@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/prototype-scriptaculous?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to