Re: [PHP] foreach and form submission.
Try this... $_POST = array_map('stri_tags', $_POST); Igor Escobar systems analyst interface designer www . igorescobar . com On Sat, Mar 28, 2009 at 6:21 PM, Angus Mann angusm...@pobox.com wrote: Thanks Ashley...that did the trick. After reading about the limitations of strip_tags I decided to just replace the bad bits as below... It still uses your foreach suggestion but replaces and with ( and ) instead of stripping tags. I think I will extend the good and bad arrays to deal with magic quotes also ! $bad = array('','lt;','#60;', '', 'gt;', '#62'); $good = array('(', '(', '(', ')', ')', ')'); foreach ($_POST as $key = $value) { $_POST[$key] = str_ireplace($bad, $good, $value); } I'd do something like this, so as to preserve the original post data array: $data = Array(); foreach($_POST as $key = $value) { $data[$key] = strip_tags($value); } Note that strip_tags() will not be able to decently clean up messy code (i.e. code where the opening or closing tags themselves aren't formed properly) Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] foreach and form submission.
That would be correct. but two things I have to add: * it's called bad style to re-write (override) predefined vars like _POST, _GET, _SERVER ... * using strip_tags() to clean user-input for safe output ist not O.K.! use htmlspecialchars(), at least. Regards, 2009/3/28 Virgilio Quilario virgilio.quila...@gmail.com: Hi all. I'm writing a script that accepts several different forms with different content. Depending on what data is sent with the form the script will do one or the other think. Before the form data is processed I'd like to scrub it of HTML tags. I can do this manually as below but the form may have dozens of items of data so I'd like to automate it. $_POST['name'] = strip_tags($_POST['name']); $_POST['address'] = strip_tags($_POST['address']); $_POST['phone'] = strip_tags($_POST['phone']); I saw a few lines of code once that used foreach on the $_POST array elements and it did not seem to matter how many or what names the elements had. Conceptually like this foreach ($_POST - element) { $_POST-element = strip_tags($_POST-element) } Any ideas please ? Thanks. here, foreach ($_POST as $key = $value) { $_POST[$key] = strip_tags($value); } good luck. virgil http://www.jampmark.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] foreach and form submission.
Hi all. I'm writing a script that accepts several different forms with different content. Depending on what data is sent with the form the script will do one or the other think. Before the form data is processed I'd like to scrub it of HTML tags. I can do this manually as below but the form may have dozens of items of data so I'd like to automate it. $_POST['name'] = strip_tags($_POST['name']); $_POST['address'] = strip_tags($_POST['address']); $_POST['phone'] = strip_tags($_POST['phone']); I saw a few lines of code once that used foreach on the $_POST array elements and it did not seem to matter how many or what names the elements had. Conceptually like this foreach ($_POST - element) { $_POST-element = strip_tags($_POST-element) } Any ideas please ? Thanks.
Re: [PHP] foreach and form submission.
On Sat, 2009-03-28 at 18:28 +1000, Angus Mann wrote: Hi all. I'm writing a script that accepts several different forms with different content. Depending on what data is sent with the form the script will do one or the other think. Before the form data is processed I'd like to scrub it of HTML tags. I can do this manually as below but the form may have dozens of items of data so I'd like to automate it. $_POST['name'] = strip_tags($_POST['name']); $_POST['address'] = strip_tags($_POST['address']); $_POST['phone'] = strip_tags($_POST['phone']); I saw a few lines of code once that used foreach on the $_POST array elements and it did not seem to matter how many or what names the elements had. Conceptually like this foreach ($_POST - element) { $_POST-element = strip_tags($_POST-element) } Any ideas please ? Thanks. I'd do something like this, so as to preserve the original post data array: $data = Array(); foreach($_POST as $key = $value) { $data[$key] = strip_tags($value); } Note that strip_tags() will not be able to decently clean up messy code (i.e. code where the opening or closing tags themselves aren't formed properly) Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] foreach and form submission.
Hi all. I'm writing a script that accepts several different forms with different content. Depending on what data is sent with the form the script will do one or the other think. Before the form data is processed I'd like to scrub it of HTML tags. I can do this manually as below but the form may have dozens of items of data so I'd like to automate it. $_POST['name'] = strip_tags($_POST['name']); $_POST['address'] = strip_tags($_POST['address']); $_POST['phone'] = strip_tags($_POST['phone']); I saw a few lines of code once that used foreach on the $_POST array elements and it did not seem to matter how many or what names the elements had. Conceptually like this foreach ($_POST - element) { $_POST-element = strip_tags($_POST-element) } Any ideas please ? Thanks. here, foreach ($_POST as $key = $value) { $_POST[$key] = strip_tags($value); } good luck. virgil http://www.jampmark.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] foreach and form submission.
Thanks Ashley...that did the trick. After reading about the limitations of strip_tags I decided to just replace the bad bits as below... It still uses your foreach suggestion but replaces and with ( and ) instead of stripping tags. I think I will extend the good and bad arrays to deal with magic quotes also ! $bad = array('','lt;','#60;', '', 'gt;', '#62'); $good = array('(', '(', '(', ')', ')', ')'); foreach ($_POST as $key = $value) { $_POST[$key] = str_ireplace($bad, $good, $value); } I'd do something like this, so as to preserve the original post data array: $data = Array(); foreach($_POST as $key = $value) { $data[$key] = strip_tags($value); } Note that strip_tags() will not be able to decently clean up messy code (i.e. code where the opening or closing tags themselves aren't formed properly) Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php