drisate Posted December 13, 2010 Share Posted December 13, 2010 Hey guys i am using a global filter on my $_POST function filter($str){return htmlentities($str, ENT_QUOTES);} $_POST = array_map('filter', $_POST); It helps me encode the stuff into the database. It works great on all my fields exept my arrays ... Ex: fields like this <input type="text" name="name[]" size="20"> breaks Any sugestions on gething this global filter working? Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted December 13, 2010 Share Posted December 13, 2010 You need to make your function recursive. See this recent post - http://www.phpfreaks.com/forums/php-coding-help/best-way-to-clean-a-lot-of-inputs/msg1498920/#msg1498920 Quote Link to comment Share on other sites More sharing options...
Psycho Posted December 13, 2010 Share Posted December 13, 2010 I would also suggest that you should not be using htmlentities on your data before storing it in the database. IMO, you should always maintain data in it's original state when storing it in the database (except for using something such as mysql_real_escape_string() to prevent injection attacks). If you ever need to allow the user to modify the input you then need to try and revert the code back to it's original format which is not easy to do. I always try to store the original data and then determine what modifications, if any, need to be used during runtime based upon the context of where the data is being used. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.