Array Map

Easily one of the most useful functions in PHP.

To protect against SQL/code injection attacks, developers are encouraged to sanitize their input. Applying sanitization functions to 200 form variables and 8 URL variables gets to be a bit of a hassle.

The answer? Array Map.

$_GET = array_map("sanitize", $_GET);
$_POST = array_map("sanitize", $_POST);

Sanitize is a user-defined function that employs strip_tags and trim, among other hacker-defeating elements.

It’s that easy.
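An added example (not the author's own sanitize function, which the post does not show): a recursive version of the callback, so that nested form arrays such as tags[] are handled, followed by a bound-parameter query, because strip_tags and trim leave quote characters in place. It assumes PHP 8 with the PDO SQLite driver; the table, field names and input are constructed.

```php
<?php
declare(strict_types=1);

// Recursive variant: array_map() alone hands nested arrays (e.g. tags[]=a&tags[]=b)
// to the callback, and strip_tags() rejects a non-string argument.
function sanitize(mixed $value): mixed
{
    if (is_array($value)) {
        return array_map('sanitize', $value);
    }
    if (!is_string($value)) {
        return $value;
    }
    return trim(strip_tags($value));
}

// Constructed request data standing in for $_GET.
$input = [
    'shortname' => "  <b>o'reilly</b>  ",
    'tags'      => ['<i>php</i> ', ' security'],
];

$clean = array_map('sanitize', $input);

// Markup and padding are removed at every nesting level; the quote is untouched.
var_dump($clean['shortname'] === "o'reilly");
var_dump($clean['tags'] === ['php', 'security']);

// Because the quote survives, the value is bound as a parameter rather than
// concatenated into the SQL text.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (shortname TEXT)');

$insert = $db->prepare('INSERT INTO posts (shortname) VALUES (?)');
$insert->execute([$clean['shortname']]);

$select = $db->prepare('SELECT COUNT(*) FROM posts WHERE shortname = ?');
$select->execute([$clean['shortname']]);
var_dump((int) $select->fetchColumn() === 1);
```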


About andyhillky
I'm cool.

One Response to Array Map

  1. Very cool, never heard of that one. I’m going to write that down for future use.

    One method I have seen before is the use of the sprintf() function and the mysql_real_escape_string() function. The page that kinda explains it better than I could is at:
    http://us2.php.net/manual/en/function.mysql-real-escape-string.php

    Of course, if you’re using Ruby on Rails, it does this all for you.

    Post.find(:all, :conditions => ["shortname = ?", shortname])

    The stuff in the square brackets works much like sprintf() in PHP.

    Of course you could just put Post.do_everything and Rails will do everything for you, even draw your graphics in Photoshop.
