3

Is there a way to filter/sanitize multi-dimensional POST data with PHP's filter_input_array?

Given a form which results in following POST data:

$_POST[
    'level1a' => [
        'level2a' => [
            'key1' => 'value1',
            'key2' => 'value2'
        ],
        'level2b' => [
            'key1' => 'value1',
            'key2' => 'value2'
        ]
    ],
    'level1b' => [
        'level2a' => [
            'key1' => 'value1',
            'key2' => 'value2'
        ],
        'level2b' => [
            'key1' => 'value1',
            'key2' => 'value2'
        ]
    ]
]

I don't see a way to tell the filter_input_array function that the data to check is nested one level deeper. There seems to be only the flag FILTER_REQUIRE_ARRAY, but no way to tell on which level it needs to check.

Working example with less dimensions:

If it was just a less nested set of data, it would be pretty simple:

$_POST[
    'level1a' => [
        'level2a' => 'value1',
        'level2b' => 'value2'
    ],
    'level1b' => [
        'level2a' => 'value1',
        'level2b' => 'value2'
    ]
]

Could be filtered with:

$args = array(
    'level1a' => array(
        'filter' => FILTER_SANITIZE_STRING, 
        'flags' => FILTER_REQUIRE_ARRAY
    ),
    'level1b' => array(
        'filter' => FILTER_SANITIZE_STRING, 
        'flags' => FILTER_REQUIRE_ARRAY
    )
);
$form_data = filter_input_array(INPUT_POST, $args);

But how to solve it with more nested data? Is there a way without splitting/flattening the POST data?

Improve this question
4
  • 1
    You can probably fairly easily write a recursive function to run filter_input_array on some data and then recurse to inner arrays. Commented Sep 10, 2015 at 11:56
  • I am working on a similar issue right now. I'll let you know what I come up with. Commented Dec 17, 2015 at 12:54
  • I might try engineering my HTML form so that it creates only scalars and/or two-dimensional arrays. Since $_POST and INPUT_POST are not the same, flattening $_POST will not have any effect on INPUT_POST. In the pure sense, I think you would want to leave $_POST out of it. My suggestion is for you to flatten your HTML form if at all possible, instead of the input source array. Yes, trickery can be done, but at what cost? Processing time? Maintenance? Documentation? Once you get beyond two dimensions, PHP leaves you to your own devices. :) Notice there is no INPUT_FILES. Commented Dec 17, 2015 at 13:36
  • 1
    You can try the second idea in this answer stackoverflow.com/a/4995863 Commented Jul 27, 2016 at 16:32

1 Answer 1

Reset to default
4 
/**
* Trim and filter every value in the nested array
*/
function filter(array &$array)
{
    array_walk_recursive($array, function (&$value) {
         $value = filter_var(trim($value), FILTER_SANITIZE_STRING);
    });

    return $array;
}

/**
* Get filtered POST data
*/
function post(){
  return filter($_POST);
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.