On Tue, Nov 11, 2008 at 7:15 PM, Walter Lee Davis <[EMAIL PROTECTED]> wrote:
> /**
>  * A really nice tool to clean strings or arrays.
>  *
>  * @param mixed $mxdInput A string or an array
>  * @return mixed same as input, but with trim and strip_tags applied to string or all elements of array, depending on input format
>  * @author Walter Lee Davis
>  */
>
> function clean($mxdInput){
>     if(is_string($mxdInput)) return trim(strip_tags($mxdInput));
>     $out = array();
>     foreach($mxdInput as $k=>$v){
>         $out[$k] = clean($v);
>     }
>     return $out;
> }
>
> $_POST = clean($_POST);
This still doesn't prevent SQL injection - you need to use
mysql_escape_string() to "addslashes" based on MySQL special
characters.
--
Regards,
The Honeymonster aka Daniel Llewellyn
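
The point made in the reply, as an added example that is not part of the original thread: clean() removes tags and surrounding whitespace but leaves a single quote in place, so a cleaned value still breaks a concatenated statement. The corrected half uses a PDO prepared statement instead of the mysql_escape_string() named above (the mysql_* functions were removed in PHP 7). The in-memory SQLite database, the `users` table and the sample name are assumptions made for the example.

```php
<?php
// clean() as posted in the thread, behaviour unchanged.
function clean($mxdInput) {
    if (is_string($mxdInput)) return trim(strip_tags($mxdInput));
    $out = array();
    foreach ($mxdInput as $k => $v) {
        $out[$k] = clean($v);
    }
    return $out;
}

// Constructed sample input standing in for $_POST.
$post = clean(array('name' => "  <b>O'Brien</b> "));

// Tags and padding are gone, but the single quote is still there.
echo "cleaned value: ", $post['name'], "\n";

// Assumption: the pdo_sqlite extension is available; the table is hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");

// Weak: the cleaned value is concatenated into the SQL text, so its
// quote closes the string literal early and changes the statement.
try {
    $db->exec("INSERT INTO users (name) VALUES ('" . $post['name'] . "')");
    echo "concatenated insert: ok\n";
} catch (PDOException $e) {
    echo "concatenated insert: failed (", $e->getMessage(), ")\n";
}

// Corrected: the value is bound to a placeholder and never parsed as SQL.
$stmt = $db->prepare("INSERT INTO users (name) VALUES (:name)");
$stmt->execute(array(':name' => $post['name']));

// Read the row back to confirm the quote was stored as data.
$stored = $db->query("SELECT name FROM users")->fetchColumn();
echo "prepared insert stored: ", $stored, "\n";
```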