Home/ Questions/Q 6187883
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T02:08:08+00:00

again with another problem. public function __construct() { $_GET = $this->clean($_GET); $_POST = $this->clean($_POST);

  • 0

again with another problem. 

public function __construct() {
    $_GET = $this->clean($_GET);
    $_POST = $this->clean($_POST);
    ...

}

public function clean($data) {
    if (is_array($data)) {
        foreach ($data as $key => $value) {
            unset($data[$key]);

            $data[$this->clean($key)] = $this->clean($value);
        }
    } else { 
        $data = htmlspecialchars($data, ENT_COMPAT, 'UTF-8');
    }

    return $data;
}

i dont understand why $data[$this->clean($key)] = $this->clean($value); is calling its own function. what is the point of doing this? the advantages

thanks,
daniel

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It’s a technique called recursion. This particular function descends into the structure until it is dealing with very simple data and sanitizes it all.

    Given this:

    $arr = array (
   '<foo' => array(
       'bat' => 'OMGWTFBBQ!!><!?!'
   ),
   'bar' => 'baz'
);

    It would start:

    1. is arr an array?
      1. is <foo an array? (no)
        • <foo becomes &lt;foo
        • &lt;foo used as a key
      2. is the value of <foo an array? (yes)
        1. Is bat an array? (no)
          • bat remains as is (still has htmlspecialchars called, but it does not change anything))
        2. Is 'OMGWTFBBQ!!><!?!' an array (no)?
          • 'OMGWTFBBQ!!><!?!' is converted to 'OMGWTFBBQ!!&gt;&lt;!?!'
          • 'OMGWTFBBQ!!&gt;&lt;!?!' is used for the value for bat.
      3. Is ‘bar’ an array? (no)
        1. bar returned as is (like bat above)
        2. Is baz an array? (no)
          • baz returned as is.

    You can think of it this way

    $arr = array (
   '<foo' => array(
       'bat' => 'OMGWTFBBQ!!><!?!'
   ),
   'bar' => 'baz'
);

///////////////////////////////////////////
array (
   clean('<foo') => array(
       'bat' => 'OMGWTFBBQ!!><!?!'
   ),
   'bar' => 'baz'
);

///////////////////////////////////////////
array (
   '&lt;foo' => clean( array(
       'bat' => 'OMGWTFBBQ!!><!?!'
   )),
   'bar' => 'baz'
);

///////////////////////////////////////////
array (
   '&lt;foo' => array(
       clean( 'bat' ) => 'OMGWTFBBQ!!><!?!'
   )),
   'bar' => 'baz'
);

///////////////////////////////////////////
array (
   '&lt;foo' => array(
       'bat' => clean( 'OMGWTFBBQ!!><!?!' )
   )),
   'bar' => 'baz'
);

///////////////////////////////////////////
array (
   '&lt;foo' => array(
       'bat' => 'OMGWTFBBQ!!&gt;&lt;!?!'
   )),
  clean( 'bar' ) => 'baz'
);
///////////////////////////////////////////
array (
   '&lt;foo' => array(
       'bat' => 'OMGWTFBBQ!!&gt;&lt;!?!'
   )),
  'bar' => clean( 'baz' )
);
///////////////////////////////////////////
return array (
   '&lt;foo' => array(
       'bat' => 'OMGWTFBBQ!!&gt;&lt;!?!'
   )),
  'bar' => 'baz'
);
    • 0