
sanitize filters


jimfog


I found this code in the PHP manual, the link is here: http://www.php.net/manual/en/filter.filters.sanitize.php

array_filter($_POST, 'trim_value');    // the data in $_POST is trimmed
$postfilter =    // set up the filters to be used with the trimmed post array
    array(
        'user_tasks' => array('filter' => FILTER_SANITIZE_STRING, 'flags' => !FILTER_FLAG_STRIP_LOW),    // removes tags. formatting code is encoded -- add nl2br() when displaying
        'username'   => array('filter' => FILTER_SANITIZE_ENCODED, 'flags' => FILTER_FLAG_STRIP_LOW),    // we are using this in the url
        'mod_title'  => array('filter' => FILTER_SANITIZE_ENCODED, 'flags' => FILTER_FLAG_STRIP_LOW),    // we are using this in the url
    );

What I cannot find in the above code (specifically in the part assigned to the postfilter variable) is the reference to the $_POST array.

 

The comment beside the postfilter says "to be used with the trimmed post array".

I do not see any reference to that array in the code below.

 

As you might have guessed, I am not so experienced with arrays; that's why I need some help here.

 


$_POST is an array and it's being manipulated here:

array_filter($_POST, 'trim_value');

I assume trim_value is a function that removes whitespace from the left and right of all the strings that the array contains.


My question is WHERE it is mentioned in the code below:

$postfilter =    // set up the filters to be used with the trimmed post array
    array(
        'user_tasks' => array('filter' => FILTER_SANITIZE_STRING, 'flags' => !FILTER_FLAG_STRIP_LOW),    // removes tags. formatting code is encoded -- add nl2br() when displaying
        'username'   => array('filter' => FILTER_SANITIZE_ENCODED, 'flags' => FILTER_FLAG_STRIP_LOW),    // we are using this in the url
        'mod_title'  => array('filter' => FILTER_SANITIZE_ENCODED, 'flags' => FILTER_FLAG_STRIP_LOW),    // we are using this in the url
    );

The writer of the code says "....be used with the trimmed post array".

So, do you see the variable POST anywhere above?


The filters are being set up, but they haven't been used on the $_POST array yet.

There's more code that you omitted. The following line is this:

 

$revised_post_array = filter_var_array($_POST, $postfilter);    // must be referenced via a variable which is now an array that takes the place of $_POST[]
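
How the filter definition and the input array meet in `filter_var_array()`, as an added example that is not part of the thread or of the PHP manual note. Assumptions: `$post` is a constructed stand-in for `$_POST`, `sanitize_post()` is a hypothetical helper, trimming is done with `array_map()`, and `FILTER_SANITIZE_FULL_SPECIAL_CHARS` is swapped in for `FILTER_SANITIZE_STRING`, which is deprecated as of PHP 8.1.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: trims the input, then applies the per-key filters.
function sanitize_post(array $input): array
{
    // Trim string values; non-string values (e.g. nested arrays) are left alone.
    $trimmed = array_map(fn($v) => is_string($v) ? trim($v) : $v, $input);

    // The definition only names the expected keys and how to treat each one.
    // It never mentions the input array itself.
    $postfilter = [
        // Text that will be shown in HTML: encode <, >, &, and quotes.
        'user_tasks' => ['filter' => FILTER_SANITIZE_FULL_SPECIAL_CHARS],
        // Values that end up in a URL: percent-encode them and drop
        // characters below ASCII 32.
        'username'   => ['filter' => FILTER_SANITIZE_ENCODED, 'flags' => FILTER_FLAG_STRIP_LOW],
        'mod_title'  => ['filter' => FILTER_SANITIZE_ENCODED, 'flags' => FILTER_FLAG_STRIP_LOW],
    ];

    // This call is where the input array and the definition are combined.
    $result = filter_var_array($trimmed, $postfilter);
    if (!is_array($result)) {
        throw new RuntimeException('filter_var_array() did not return an array');
    }

    // Keys missing from the input come back as null (add_empty defaults to true);
    // keys that the definition does not list are not copied into the result.
    return $result;
}

// Constructed sample input standing in for a submitted form.
$post = [
    'user_tasks' => "  <b>Buy milk</b>\nCall \"Bob\"  ",
    'username'   => " jim fog/admin ",
    'is_admin'   => '1',   // unexpected field, not named in the definition
    // 'mod_title' is deliberately absent
];

$revised_post_array = sanitize_post($post);

// From here on, read from $revised_post_array instead of the raw input.
var_dump($revised_post_array);
var_dump(array_key_exists('is_admin', $revised_post_array));
```

Note that `!FILTER_FLAG_STRIP_LOW` in the quoted definition evaluates to boolean `false`, not to a flag value, which is why this example simply omits `flags` for `user_tasks`.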