Hiya peoples.
I've got a little function, and what it does is looks at any variable you pass to it, and runs a couple of functions on it (Using it to strip whitespace, escape slashes). Works great for a single dimension array, or a single variable, but when it goes into a multidimensional array we start having problems. It will only go down one level, and I can't think of the logic so it will go down however many dimensions there are in the particular array.
Here's what I've got:
function clean_input($needle) {
/*
Date Created: 09/04/2003
Last Updated: 13/06/2003
This function is used to clean up user input before it goes near a
database. This is to prevent malicious users from escaping the SQL and
crafting sql injections, allowing access to things they aren't supposed
to have access to. It will accept any kind of input. Should be used as
follows:
$clean = clean_input($dirty);
mysql_query("SELECT * FROM foo WHERE bar='$clean'");
If you don't do this, a user can enter (e.g.) a password like "pw' OR 1=1--".
As such, this query will ALWAYS return a result.
*/
if(is_array($needle)) {
$haystack = array();
foreach($needle as $k=>$v) {
$haystack[$k] = (!get_magic_quotes_gpc()) ? mysql_escape_string($v) : $v;
$haystack[$k] = trim($haystack[$k]);
}
} else {
$haystack = (!get_magic_quotes_gpc()) ? mysql_escape_string($needle) : $needle;
$haystack = trim($haystack);
}
return $haystack;
}
Any help would be appreciated,
Matt
