Array Map
March 22, 2006 1 Comment
Easily one of the most useful functions in PHP.
In order to protect against SQL and code injection attacks, developers are encouraged to sanitize their input. That gets to be a hassle when you have to apply sanitation functions to 200 form variables and 8 URL variables.
The answer? Array Map.
$_GET = array_map("sanitize", $_GET);
$_POST = array_map("sanitize", $_POST);
sanitize is a user-defined function that applies strip_tags and trim to each value, among other defensive filters.
It’s that easy.
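As an added example, not code from the original post: a sanitize() callback of the kind described, applied to request data with array_map, plus the two things a practitioner needs alongside it. First, array_map does not recurse and strip_tags only accepts strings, so nested fields such as tags[]=a&tags[]=b need an explicit recursive branch. Second, stripping tags does nothing against SQL injection, so the database lookup binds the value as a prepared-statement parameter. It assumes PHP 7 or later with the pdo_sqlite extension; the request array and the post table are constructed stand-ins so the file runs offline.

```php
<?php
// Added example, not code from the original post. Assumes PHP 7+ with the
// pdo_sqlite extension; the request data below is a constructed stand-in
// for $_GET so the script runs offline.

// A sanitize() callback of the kind the post describes: strip_tags() removes
// HTML/PHP tags, trim() drops surrounding whitespace. Because strip_tags()
// only accepts strings and array_map() does not recurse, nested input such
// as ?tags[]=a&tags[]=b is handled by recursing explicitly.
function sanitize($value)
{
    if (is_array($value)) {
        return array_map('sanitize', $value);
    }
    return trim(strip_tags((string) $value));
}

// Look up a post by id with a bound parameter. Tag stripping does nothing
// against SQL injection; binding keeps the value out of the SQL text entirely.
function find_post_by_id(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT id, shortname FROM post WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample request, standing in for $_GET.
$request = [
    'name' => "  <b>Alice</b>\n",
    'tags' => ['<i>php</i>', ' sql '],
    'id'   => '7 OR 1=1',
];

$clean = array_map('sanitize', $request);
// Tags are removed and whitespace trimmed from 'name' and from each element
// of 'tags', but 'id' is untouched: sanitize() is not a SQL defence.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE post (id INTEGER PRIMARY KEY, shortname TEXT)');
$pdo->exec("INSERT INTO post (id, shortname) VALUES (7, 'hello'), (8, 'world')");

// Bound as a parameter, the whole string is compared as one literal value
// and matches no row, whereas string concatenation would let the OR clause
// become part of the query.
$rows = find_post_by_id($pdo, $clean['id']);
printf("%d row(s) matched\n", count($rows));
```

Run it with php on the command line. The parameter is bound as a string (PDO's default), which is exactly what you want: the database compares the literal text against the id column rather than parsing it as SQL, so the sanitize() pass can stay focused on output-oriented cleanup like tag stripping.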
Very cool, never heard of that one. I’m going to write that down for future use.
One method I have seen before is the use of the sprintf() function and the mysql_real_escape_string() function. The page that kinda explains it better than I could is at:
http://us2.php.net/manual/en/function.mysql-real-escape-string.php
Of course, if you’re using Ruby on Rails, it does this all for you.
Post.find(:all, :conditions => ["shortname = ?", shortname])
The stuff in the square brackets works much like sprintf() in php.
Of course you could just put Post.do_everything and rails will do everything for you, even draw your graphics in Photoshop.