PHP: How to mass replace $_POST[...] with strip_tags($_POST[...])

php forms input sanitize strip-tags
10,240

Solution 1

Just use array_map().

$Clean = array_map('strip_tags', $_POST);

Or if you want it to go back to the $_POST variable:

$_POST = array_map('strip_tags', $_POST);

It's probably a better idea though to use a different variable and change all occurrence of $_POST to $Clean in your files.

Solution 2

Hmm, I think array_walk_recursive would do the trick:

function custom_strip(&$val, $index) {
   $val = strip_tags($val);
}
array_walk_recursive($_POST, 'custom_strip');

Solution 3

you can put this in a file (e.g safe.php)

foreach ($_POST as $key => $value) {
  $_POST[$key] = is_array($key) ? $_POST[$key]: strip_tags($_POST[$key]);
}

Then put require_once("safe.php"); in every each of your php files (or a file that all of your php file already included )
It's an ugly hack.. but it may save your time.

Share:
10,240
Mike Turley
Author by

Mike Turley

Updated on June 18, 2022

Comments

  • Mike Turley
    Mike Turley almost 2 years

    I'm currently recovering from a nasty XSS attack, and realized I never sanitized inputs on several of the forms on my site. I used Notepad++'s Find In Files feature to search for $_POST in all my PHP files, and got almost 5,000 results. Now, I really don't want to go and manually add strip_tags to every one of those results, but a replace-all wouldn't do the trick... and I'm a total noob when it comes to things like regular expressions.

    Is there any way to make this a little less tedious?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to gray out HTML form inputs?
Get post values when the key is unknown in CodeIgniter
Get user input from form, write to text file using php
how to get the value of form input box in codeigniter
Show a different value from an input that what will be received as php
Can you re-populate file inputs after failed form submission with PHP or JavaScript?
How to set a class attribute to a Symfony2 form input
How to change TextField value without having to delete it first (Flutter)
Trim() input value of any TextField in a Form by default in flutter app
File upload not working with $_FILES