I want to strip HTML code from multiple fields. So I used:
extract($_POST)
Then an insertion into the table.
I won't strip each field like:
$user = strip_tags($user);
$email = strip_tags($email);
.....
There is any solution to strip my extract($_POST) array?
The same for mysql_real_escape_string()
EDIT 1 I won"t use
foreach($_POST as $key => $value){
$_POST[$key] = mysql_real_escape_string(strip_tags($value));
}
I want to use the short variable:
$name, $email
$_POST['name'] , $_POST['email']
And without extract() as is deprecated.
Edit 2 the solution is:
foreach($_POST as $key => $value){
$$key = mysql_real_escape_string(strip_tags($value));
}
I guess you want this piece of code
foreach($_POST as $key => $value){
$$key = strip_tags($value);
}
//The insertion here
insertion();
Old
foreach($_POST as $key => $value){
$_POST[$key] = strip_tags($value);
}
extract($_POST);
//The insertion here
insertion();
After that you have all the post fields strip_tagged
You can use array_map() to specify a callback function to each element of a given array.
$_POST = array_map("strip_tags", $_POST);
Edit: Maybe you should specify why you're attempting to escape user input. For example, PHP has specific aids for escaping values that will be added to the database and also for values that will be displayed on the page. As the former could result in an SQL injection and the latter an XSS vulnerability.
Use the filtering functions that PHP provides, specifically in this case you would be interested in filter_input_array:
$filtered = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRIPPED);