PHP -Sanitize数组的值

时间:2022-01-12 02:21:26

I have a array, which comes from $_POST[] and can have other arrays in it as values, like:

我有一个数组,它来自$ _POST []并且可以在其中包含其他数组,例如:

array(
 'title' => 'Title',
 'data' => array(
             'hdr' => 'Header'
             'bdy' => 'Body'
           ),
  'foo' => array(1, 23, 65),
  ...
)

How can I sanitize all values of this big array? for eg. apply a strip_tags() to values like Title, Header, Body, 1, 23, 65 etc ?

如何清理这个大阵列的所有值?例如。将strip_tags()应用于Title,Header,Body,1,23,65等值?

4 个解决方案

#1


9  

Have a look at array_map

看看array_map

<?php  
$a = array(
'title' => 'Title',
'data' => array(
    'hdr' => 'Header',
    'bdy' => 'Body'
    ),
'foo' => array(1, 23, 65)
);

$b = array_map("strip_tags", $a);
print_r($b);
?>

Update for 2D array:

更新2D数组:

function array_map_r( $func, $arr )
{
    $newArr = array();

    foreach( $arr as $key => $value )
    {
        $newArr[ $key ] = ( is_array( $value ) ? array_map_r( $func, $value ) : ( is_array($func) ? call_user_func_array($func, $value) : $func( $value ) ) );
    }

    return $newArr;
}

Usage:

用法:

$a = array(
'title' => 'Title',
'data' => array(
    'hdr' => 'Header',
    'bdy' => 'Body'
    ),
'foo' => array(1, 23, 65)
); 

$ar =array_map_r('strip_tags', $a);
print_r($ar);

Note I found this just by searching the comments for Dimension

注意我只是通过搜索Dimension的注释找到了这个

#2


47  

Just use the filter extension.

只需使用过滤器扩展。

/* prevent XSS. */
$_GET   = filter_input_array(INPUT_GET, FILTER_SANITIZE_STRING);
$_POST  = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING);

This will sanitize your $_GET and $_POST.

这将清理你的$ _GET和$ _POST。

#3


3  

function strip($string, $allowed_tags = NULL)
{
    if (is_array($string))
    {
        foreach ($string as $k => $v)
        {
            $string[$k] = strip($v, $allowed_tags);
        }
        return $string;
    }

    return strip_tags($string, $allowed_tags);
}

Just an example of a recursive function, for stripping tags in this case.

只是一个递归函数的例子,在这种情况下剥离标签。

$arr = strip($arr);

#4


0  

Let's say we want to sanitize the $_POST array:

假设我们要清理$ _POST数组:

foreach($_POST as $k=>$v) {$_POST[$k] = htmlspecialchars($v);}

foreach($ _ POST as $ k => $ v){$ _POST [$ k] = htmlspecialchars($ v);}

This simple. Isn't it?

这很简单。不是吗?

#1


9  

Have a look at array_map

看看array_map

<?php  
$a = array(
'title' => 'Title',
'data' => array(
    'hdr' => 'Header',
    'bdy' => 'Body'
    ),
'foo' => array(1, 23, 65)
);

$b = array_map("strip_tags", $a);
print_r($b);
?>

Update for 2D array:

更新2D数组:

function array_map_r( $func, $arr )
{
    $newArr = array();

    foreach( $arr as $key => $value )
    {
        $newArr[ $key ] = ( is_array( $value ) ? array_map_r( $func, $value ) : ( is_array($func) ? call_user_func_array($func, $value) : $func( $value ) ) );
    }

    return $newArr;
}

Usage:

用法:

$a = array(
'title' => 'Title',
'data' => array(
    'hdr' => 'Header',
    'bdy' => 'Body'
    ),
'foo' => array(1, 23, 65)
); 

$ar =array_map_r('strip_tags', $a);
print_r($ar);

Note I found this just by searching the comments for Dimension

注意我只是通过搜索Dimension的注释找到了这个

#2


47  

Just use the filter extension.

只需使用过滤器扩展。

/* prevent XSS. */
$_GET   = filter_input_array(INPUT_GET, FILTER_SANITIZE_STRING);
$_POST  = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING);

This will sanitize your $_GET and $_POST.

这将清理你的$ _GET和$ _POST。

#3


3  

function strip($string, $allowed_tags = NULL)
{
    if (is_array($string))
    {
        foreach ($string as $k => $v)
        {
            $string[$k] = strip($v, $allowed_tags);
        }
        return $string;
    }

    return strip_tags($string, $allowed_tags);
}

Just an example of a recursive function, for stripping tags in this case.

只是一个递归函数的例子,在这种情况下剥离标签。

$arr = strip($arr);

#4


0  

Let's say we want to sanitize the $_POST array:

假设我们要清理$ _POST数组:

foreach($_POST as $k=>$v) {$_POST[$k] = htmlspecialchars($v);}

foreach($ _ POST as $ k => $ v){$ _POST [$ k] = htmlspecialchars($ v);}

This simple. Isn't it?

这很简单。不是吗?