18

I am using PHP filter to perfom basic sanitization and validation of form data.

The principle problem I am having is that I mark my form up so that all the data is in one array for the POST input. e.g. form fields, page[name], page[slug], page[body], page[status], etc.

Using the following:

filter_input(INPUT_POST, 'page[name]', FILTER_SANITIZE_STRING);
OR
filter_input(INPUT_POST, "page['name']", FILTER_SANITIZE_STRING);

I am unable to access the variable. Can someone please tell me the correct name to use to access array data using filter_input()

Improve this question
4
  • btw i search like mad on google and turned up nothing. Commented May 3, 2010 at 20:12
  • Are you sure the variable has a value before sanitizing? Commented May 3, 2010 at 20:24
  • @anthony yes it does have a value, if i send it through as name it is fine. just not sure of the notation to access an array key using this filter method. Commented May 3, 2010 at 20:26
  • Not easy at the time, PHP needs to make filter_input_array recursive... For the moment accessing $_POST directly in this case is still much easier. Commented Oct 6, 2014 at 23:39

2 Answers 2

Reset to default
16

I don't think that you can access the single value (easily, as you want), however you could just filter the page array and get the value that you want.

$page = filter_input(INPUT_POST, 'page', FILTER_SANITIZE_STRING, FILTER_REQUIRE_ARRAY);
if (array_key_exists('name', $page)) {
    $name = $page['name'];
}

Or, if you're OK with losing the ability to work with the raw input then you could just use:

if (isset($_POST['page']['name'])) {
    $name = filter_var($_POST['page']['name'], FILTER_SANITIZE_STRING);
}

Both, however, are pretty ugly.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

yeah, both are super ugly. i might as well switch the form to single var names, and avoid the problem. shame that is not supported.
Absolutely. Single names are much more convenient (for the filter extension) to work with in your case; unfortunately.
Please check @Fletcher Moore's answer. Very elegant and effective!
8

How about

$_POST['page'] = filter_var_array($_POST['page'], FILTER_SANITIZE_STRING);
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.