filter all get/post and use some information

Question

I wanted to filter and then put all the values of POST and GET in a variable named after the key so I came up with this code.

foreach($_REQUEST as $key => $value){
   $$key = mysql_real_escape_string(htmlspecialchars($value));
}

Then I want to use these variables inside a function? How can I do that?

funciton get_all_posts(){
    //return some information from the the new variable
    return $username;
    return $email;
    //return what ever I want to return from POST/GET using the new variables
}

echo get_all_posts();

Why don't u just use the array as it is ? Now you're just making copies of the same vars ? — DarkBee, Jul 30 '13 at 06:30
FYI, a central sanitation function is okay if you know exactly what you're doing but chances are you are breaking your data in ways that aren't really necessary. Related: [The ultimate clean/secure function](http://stackoverflow.com/q/4223980) — Pekka, Jul 30 '13 at 06:31

score 3 · Answer 1 · answered Jul 30 '13 at 06:44

3

no need to pass these information just refine like this and use as it is

foreach($_REQUEST as $key => $value){
   $_REQUEST[$keys] = mysql_real_escape_string(htmlspecialchars($value));
}

answered Jul 30 '13 at 06:44

Rajeev Ranjan

4,152
3
28
41

score 0 · Answer 2 · answered Jul 30 '13 at 06:36

0

you can use something like this

$array = array();
foreach($_REQUEST as $key => $value){
   $array[$key] = mysql_real_escape_string(htmlspecialchars($value));
}

funciton get_all_posts($arr){
    //return some information from the the new variable

    // you can use $arr inside function 

    return $username;
    return $email;
    //return what ever I want to return from POST/GET using the new variables
}

echo get_all_posts($array);

I hope it will help

answered Jul 30 '13 at 06:36

Sonu Sindhu

1,752
15
25

3

This is just silly.. Creating a new array to store other array's data in... Waste of resources imho – DarkBee Jul 30 '13 at 06:38
@DarkBee you can use direct request like get_all_posts($_REQUEST) – Sonu Sindhu Jul 30 '13 at 06:39
@DarkBee we used another array because Keith used mysql_real_escape_string – Sonu Sindhu Jul 30 '13 at 06:42

score 0 · Answer 3 · answered Jul 30 '13 at 06:41

0

you can directly use.

extract($_REQUEST);

then directly use $username; inside your function

Thanks, Divyang

answered Jul 30 '13 at 06:41

divyang asodiya

126
6

hehe you can not used direct variable in a function – Sonu Sindhu Jul 30 '13 at 06:43
What will happen to the filter? – Keith Varias Jul 30 '13 at 06:45

score 0 · Answer 4 · answered Jul 30 '13 at 06:53

I give you an example

function security ( &$data) {
    return is_array( $data ) ? array_map('security', $data) : mysql_real_escape_string(htmlspecialchars( $data, ENT_QUOTES ));
}

$_REQUEST['s'] = '"Hello"';
$_REQUEST['y'] = 'World\'s';

$_REQUEST = security( $_REQUEST );

print_r( $_REQUEST );


function get_all_posts() {
    extract($_REQUEST);
    //return some information from the the new variable
    return $s;
    return $y;
    //return what ever I want to return from POST/GET using the new variables
}

echo get_all_posts();

score 0 · Answer 5 · answered Jul 30 '13 at 06:53

I'll personal suggest to use predefined array indexed with key

$request_array=array('username'=>'','password'=>'');

as it will be easy to handle with new added variable(which is not planned at first). However you have another option to do this by class.

class stackoverflow{

    public $username;
     function __construct($mysqli){}

    //some function filter and store $this->username=$mysqli->real_escape_string($value);
     //some function able to use $this->username;
}

$request=new stackoverflow($mysqli);
$request->filter_request();
$request->get_all_post();

filter all get/post and use some information

5 Answers5