I think the functions array_walk_recursive and array_map are very
useful for dealing with escaping.  For instance:

// array_walk_recursive passes each value to the callback by reference and
// discards the return value, so the callback must assign the stripped
// string back itself; passing "stripslashes" directly leaves the arrays
// unchanged.
function strip_magic_quotes(&$value) {
  $value = stripslashes($value);
}

if (get_magic_quotes_gpc()) {
  array_walk_recursive($_POST, "strip_magic_quotes");
  array_walk_recursive($_GET, "strip_magic_quotes");
  array_walk_recursive($_COOKIE, "strip_magic_quotes");
}

You also probably don't want to load up your code with
"mysql_real_escape_string()," so here is an alternative.  This is a
good method for fixing bad code because it can be implemented without
a major rewrite.

$sql = prepare("SELECT * FROM users WHERE username='%s' AND password='%s'",
               $_POST['username'], $_POST['password']);

// Argument 0 is the sprintf format string; every later argument is run
// through mysql_real_escape_string() (which needs an open MySQL connection)
// before being substituted into the quoted '%s' placeholders.
function prepare() {
  $args_array = func_get_args();
  for ($i = 1; $i < count($args_array); $i++) {
    $args_array[$i] = mysql_real_escape_string($args_array[$i]);
  }
  return call_user_func_array("sprintf", $args_array);
}

-John
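As an added example (not part of John's post, and not the mysql_* approach his prepare() wraps): the same drop-in idea rebuilt on PDO parameterized statements, where the driver binds the values and the SQL text never contains user input, so there is no escaping step to forget. The helper names `query_params` and `authenticate`, the table layout and the sample rows are all constructed for this example; it uses an in-memory SQLite database so it runs offline.

```php
<?php
// Added example, not from the original post: parameter binding instead of
// escape-then-sprintf. The query text below is a constant; only the
// placeholders are filled, and the driver does that on the server side.

// Run one parameterized query and return every row as an associative array.
// $params are bound to the '?' placeholders, never interpolated into $sql.
function query_params(PDO $pdo, string $sql, array $params): array {
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Look the user up by username only; the password is checked in PHP against
// a stored password_hash(), so it never goes into the WHERE clause at all.
function authenticate(PDO $pdo, string $username, string $password): bool {
    $rows = query_params(
        $pdo,
        'SELECT password_hash FROM users WHERE username = ?',
        [$username]
    );
    if (count($rows) !== 1) {
        return false;
    }
    return password_verify($password, $rows[0]['password_hash']);
}

// Assumption: SQLite in memory so the script is self-contained. With the
// MySQL driver only the DSN changes; there you would also set
// PDO::ATTR_EMULATE_PREPARES to false so prepares are real server-side
// prepares rather than client-side quoting.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Constructed sample user whose name contains a quote character.
query_params(
    $pdo,
    'INSERT INTO users (username, password_hash) VALUES (?, ?)',
    ["o'brien", password_hash('correct horse', PASSWORD_DEFAULT)]
);

// Constructed inputs: the literal username matches; a wrong password and a
// username carrying SQL syntax both come back as "no such user".
$checks = [
    'quoted username, right password' => authenticate($pdo, "o'brien", 'correct horse'),
    'quoted username, wrong password' => authenticate($pdo, "o'brien", 'wrong'),
    'username containing SQL syntax'  => authenticate($pdo, "' OR 1=1 --", 'anything'),
];
foreach ($checks as $label => $ok) {
    printf("%-32s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```

Because the string with the stray quote is bound as a value rather than pasted into the query, the first check is the only one that succeeds; the quote in `o'brien` needs no special handling, and the input that would have closed the quoted `'%s'` in the sprintf version is simply a username that does not exist.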
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
