Re: [PHP] foreach and form submission.

2009-03-30 Thread Igor Escobar 
Try this...
$_POST = array_map('stri_tags', $_POST);



Igor Escobar
systems analyst  interface designer
www . igorescobar . com



On Sat, Mar 28, 2009 at 6:21 PM, Angus Mann angusm...@pobox.com wrote:

 Thanks Ashley...that did the trick.
 After reading about the limitations of strip_tags I decided to just replace
 the bad bits as below...
 It still uses your foreach suggestion but replaces  and  with (
 and ) instead of stripping tags.

 I think I will extend the good and bad arrays to deal with magic quotes
 also !

 $bad = array('','lt;','#60;', '', 'gt;', '#62');
 $good = array('(', '(', '(', ')', ')', ')');
 foreach ($_POST as $key = $value) {
 $_POST[$key] = str_ireplace($bad, $good, $value);

 }





  I'd do something like this, so as to preserve the original post data
 array:

 $data = Array();
 foreach($_POST as $key = $value)
 {
   $data[$key] = strip_tags($value);
 }

 Note that strip_tags() will not be able to decently clean up messy code
 (i.e. code where the opening or closing tags themselves aren't formed
 properly)


 Ash
 www.ashleysheridan.co.uk




 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] foreach and form submission.

2009-03-30 Thread Jan G.B. 
That would be correct. but two things I have to add:

* it's called bad style to re-write (override) predefined vars like
_POST, _GET, _SERVER ...
* using strip_tags() to clean user-input for safe output ist not O.K.!
use htmlspecialchars(), at least.

Regards,


2009/3/28 Virgilio Quilario virgilio.quila...@gmail.com:
 Hi all.

 I'm writing a script that accepts several different forms with different 
 content. Depending on what data is sent with the form the script will do one 
 or the other think.

 Before the form data is processed I'd like to scrub it of HTML tags.

 I can do this manually as below but the form may have dozens of items of 
 data so I'd like to automate it.

 $_POST['name'] = strip_tags($_POST['name']);
 $_POST['address'] = strip_tags($_POST['address']);
 $_POST['phone'] = strip_tags($_POST['phone']);

 I saw a few lines of code once that used foreach  on the $_POST array 
 elements and it did not seem to matter how many or what names the elements 
 had.

 Conceptually like this

 foreach ($_POST - element) {
    $_POST-element = strip_tags($_POST-element)
 }

 Any ideas please ?

 Thanks.


 here,

 foreach ($_POST as $key = $value) {
  $_POST[$key] = strip_tags($value);
 }

 good luck.

 virgil
 http://www.jampmark.com

 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] foreach and form submission.

2009-03-28 Thread Angus Mann 
Hi all.

I'm writing a script that accepts several different forms with different 
content. Depending on what data is sent with the form the script will do one or 
the other think.

Before the form data is processed I'd like to scrub it of HTML tags.

I can do this manually as below but the form may have dozens of items of data 
so I'd like to automate it.

$_POST['name'] = strip_tags($_POST['name']);
$_POST['address'] = strip_tags($_POST['address']);
$_POST['phone'] = strip_tags($_POST['phone']);

I saw a few lines of code once that used foreach  on the $_POST array 
elements and it did not seem to matter how many or what names the elements had.

Conceptually like this

foreach ($_POST - element) {
$_POST-element = strip_tags($_POST-element)
}

Any ideas please ?

Thanks.

Re: [PHP] foreach and form submission.

2009-03-28 Thread Ashley Sheridan 
On Sat, 2009-03-28 at 18:28 +1000, Angus Mann wrote:
 Hi all.
 
 I'm writing a script that accepts several different forms with different 
 content. Depending on what data is sent with the form the script will do one 
 or the other think.
 
 Before the form data is processed I'd like to scrub it of HTML tags.
 
 I can do this manually as below but the form may have dozens of items of data 
 so I'd like to automate it.
 
 $_POST['name'] = strip_tags($_POST['name']);
 $_POST['address'] = strip_tags($_POST['address']);
 $_POST['phone'] = strip_tags($_POST['phone']);
 
 I saw a few lines of code once that used foreach  on the $_POST array 
 elements and it did not seem to matter how many or what names the elements 
 had.
 
 Conceptually like this
 
 foreach ($_POST - element) {
 $_POST-element = strip_tags($_POST-element)
 }
 
 Any ideas please ?
 
 Thanks.
I'd do something like this, so as to preserve the original post data
array:

$data = Array();
foreach($_POST as $key = $value)
{
$data[$key] = strip_tags($value);
}

Note that strip_tags() will not be able to decently clean up messy code
(i.e. code where the opening or closing tags themselves aren't formed
properly)


Ash
www.ashleysheridan.co.uk


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] foreach and form submission.

2009-03-28 Thread Virgilio Quilario 
 Hi all.

 I'm writing a script that accepts several different forms with different 
 content. Depending on what data is sent with the form the script will do one 
 or the other think.

 Before the form data is processed I'd like to scrub it of HTML tags.

 I can do this manually as below but the form may have dozens of items of data 
 so I'd like to automate it.

 $_POST['name'] = strip_tags($_POST['name']);
 $_POST['address'] = strip_tags($_POST['address']);
 $_POST['phone'] = strip_tags($_POST['phone']);

 I saw a few lines of code once that used foreach  on the $_POST array 
 elements and it did not seem to matter how many or what names the elements 
 had.

 Conceptually like this

 foreach ($_POST - element) {
    $_POST-element = strip_tags($_POST-element)
 }

 Any ideas please ?

 Thanks.


here,

foreach ($_POST as $key = $value) {
  $_POST[$key] = strip_tags($value);
}

good luck.

virgil
http://www.jampmark.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] foreach and form submission.

2009-03-28 Thread Angus Mann 

Thanks Ashley...that did the trick.
After reading about the limitations of strip_tags I decided to just replace 
the bad bits as below...
It still uses your foreach suggestion but replaces  and  with ( 
and ) instead of stripping tags.


I think I will extend the good and bad arrays to deal with magic quotes also 
!


$bad = array('','lt;','#60;', '', 'gt;', '#62');
$good = array('(', '(', '(', ')', ')', ')');
foreach ($_POST as $key = $value) {
$_POST[$key] = str_ireplace($bad, $good, $value);
}






I'd do something like this, so as to preserve the original post data
array:

$data = Array();
foreach($_POST as $key = $value)
{
   $data[$key] = strip_tags($value);
}

Note that strip_tags() will not be able to decently clean up messy code
(i.e. code where the opening or closing tags themselves aren't formed
properly)


Ash
www.ashleysheridan.co.uk





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php