2

Any ideas why this does not work?

$_POST  = array('edit' => array('name' => 'test'));

die(var_dump(
    filter_var_array($_POST, array(
        'edit["name"]'  => FILTER_SANITIZE_STRING,
        'edit[name]'    => FILTER_SANITIZE_STRING,
    )),
    $_POST
));

How can I sanitize/filter a POST parameter while requiring that it is an array ?

Improve this question
2
  • Because filter_var_array() doesn't work recursively? Commented Jan 28, 2011 at 14:36
  • It does for numbers (integers, doubles, etc.) but I don't think it does with Strings. It's just giving me false when trying to sanitize an array of strings. Commented Jan 28, 2011 at 14:43

3 Answers 3

Reset to default
4

Trim and sanitize nested arrays

$array = $_POST;

array_walk_recursive($array, function (&$v) {
  $v = filter_var(trim($v), FILTER_SANITIZE_STRING);
});

$prepared = $array;
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2

Didn't know that filter_var_array() does not support recursion. Don't see no reasons why it shouldn't, though. Here is a simple solution:

// 28 01 2010, Gajus Kuizinas
function hp_path_to_array($keys, $value, $data = array())
{
    if(empty($keys))
    {
        return $value;
    }

    $key        = array_shift($keys);

    $data[$key] = hp_path_to_array($keys, $value, $data);


    return $data;
}

function hp_filter_var_array($data, $rules)
{
    $return = array();

    foreach($rules as $k => $options)
    {
        $path   = explode('[', str_replace(']', '', $k));

        if(empty($path))
        {
            continue;
        }

        if(!is_array($options))
        {
            $filter     = $options;
            $options    = array();
        }
        else
        {
            $filter     = $options['filter'];

            unset($options['filter']);
        }

        $value          = $data;

        foreach($path as $key)
        {
            if(isset($value[$key]))
            {
                $value  = $value[$key];
            }
            else
            {
                $value  = NULL;
                break;
            }
        }

        $return += hp_path_to_array($path, filter_var($value, $filter, $options));

        unset($rules[$k]);
    }

    $return += filter_var_array($data, $rules);

    return $return;
}
Improve this answer

Comments

0

There is a filter flag that does just this: it makes sure that your parameter $_POST['edit'] is an array, and that filters/sanitizes the array's elements instead of the parameter itself.

$_POST  = array('edit' => array('name' => 'test'));

die(var_dump(
    filter_var_array($_POST, array(
        'edit' => [
            'filter' => FILTER_SANITIZE_STRING,
            'flags' => FILTER_REQUIRE_ARRAY
        ]
    ))
));
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.