Data Cleanse of $_REQUEST array

captainmerton · 11-25-2010, 08:50 AM

Hi - i'm pulling all input to drive my site from the php $_REQUEST variable and to protect my site from malicious input i want to find a neat way to loop through the $_REQUEST array and cleanse it probably by running a mysql function to remove injection code and also a php strip tags routine. How can i do this and repopulate each REQUEST parameter when i wont necessarily know what variables are set eg. sometimes it might be $_REQUEST['username'] sometimes other stuff but different depending on which command i am processing. Any ideas? Thanks.

Village Idiot · 11-25-2010, 06:33 PM

Quote:

Originally Posted by captainmerton

Hi - i'm pulling all input to drive my site from the php $_REQUEST variable and to protect my site from malicious input i want to find a neat way to loop through the $_REQUEST array and cleanse it probably by running a mysql function to remove injection code and also a php strip tags routine. How can i do this and repopulate each REQUEST parameter when i wont necessarily know what variables are set eg. sometimes it might be $_REQUEST['username'] sometimes other stuff but different depending on which command i am processing. Any ideas? Thanks.

$_REQUEST is an array, use foreach.

Enfernikus · 11-25-2010, 10:13 PM

Alternatively you can make use of the excellent array_map function

Code:

$array = array_map('clean', $array);

captainmerton · 11-26-2010, 12:51 PM

array_map is exactly what i'm looking for just looked it up. Thanks.

captainmerton · 11-27-2010, 09:33 AM

Can't get this to work. Here's my code all within a class:

Quote:

function init() {
$this->properties = REQUEST;
$this->properties = array_map('$this->clean()',$this->properties);
}

function clean($variable) {
return strip_tags($variable);
}

captainmerton · 11-27-2010, 09:35 AM

I always get a php error "The first argument $this->clean should be either NULL or a valid callback. Any thoughts? Got a feeling I'm doing sonthing stupid. Tried everything in the function field I.e. 'clean'.

Enfernikus · 11-28-2010, 04:59 AM

The first argument, the callback, doesn't work that way.

For functions, we can provide a string argument
For static methods we provide an array of the Class and the Static Method
for methods within objects, we provide the object and the method name, so...

array_map(array($obj, 'clean'), $arr);

captainmerton · 11-28-2010, 01:38 PM

I get it now. For $obj i pointed the class to itself with $this and that has made it work. Thanks for your help. Cheers.