[Phpwm] escape hell!

Fri Jun 30 06:15:19 BST 2006

alan dunn wrote :
> I have an array  $_arr of  41 elements and about 500 rows, including 
> apostrophes (and other stuff probably!) in some strings. I need to 
> escape the apostrophes and have tried both the following with no success:
> 
> $_arr = str_replace(" ' "," \' ",$_arr);
> 
> and
> 
> foreach ($_arr as $_arr2){
>                        foreach ($_arr2 as $var){$var = addslashes($var);}
>                    }
> can anyone help out?
> thanks, alan dunn

I'd suggest using recursion, as it won't matter if the data structure
changes form at a future date...e.g something like :

function clean($something) {
    if(is_string($something)) {
        return sanitise_string($something);
    }
    elseif(is_array($something)) {
        $tmp = array();
        foreach($something as $key => $value) {
            $tmp[$key] = clean($value);
        }
        return $tmp;
    }
    else {
        // object? int? etc. 
    }
}
function sanitise_string($something) {
    // check if magic_quotes_gpc is enabled; if so, undo it.
    if(get_magic_quotes_gpc()) {
        $something = stripslashes($something);
    }
    // use appropriate escaping mechansim here - e.g.
    // *_real_escape_string, or htmlentities...
    return mysql_real_escape_string($something);
}

Hope that's of some use; I've only written it off the top of my head, so
I can't vouch for it's correctness.

David.
p.s. I've heard people say PHP's recursion is crap - can anyone
comment?

-- 
David Goodwin 

[ david at codepoets dot co dot uk ]
[ http://www.codepoets.co.uk       ]