I’m having a bit of a problem with escaping data, or at least, the cleanliness of the code involved with it.
Let’s say, I’m escaping a textfield named “FirstName” and it looks something like this:
$FirstName = mysqli_real_escape_string($link, $_POST['FirstName']);
$FirstName = preg_replace( "/[<>#$%]/", "", $FirstName);
$FirstName = preg_replace('/\s\s+/', ' ', $FirstName);
Is there any way I can just put the last 2 lines in some sort of loop, let’s say like this:
foreach($_POST as $name => $value)
{
    $value = preg_replace( "/[<>#$%]/", "", $value);
    $value = preg_replace('/\s\s+/', ' ', $value);
}
where then all I have to do later is
$FirstName = mysqli_real_escape_string($link, $_POST['FirstName']);
where $_POST['FirstName'] has already been stripped of the other characters?
Sure. Make the foreach loop by-reference instead of by-value like so:
Note the ampersand in front of the $value. That means the $value you get as you iterate over the array is a reference to the value in the array itself rather than a copy of that value.
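The by-reference loop described in the answer, as an added example that is not code from the original thread. It goes slightly beyond the question by handling array-valued fields and by breaking the reference after the loop; the helper name clean_fields() and the sample input are assumptions made for illustration.

```php
<?php
// Constructed sample input standing in for $_POST (not from the thread).
$post = [
    'FirstName' => "  Ann <b>#1</b>   Marie ",
    'LastName'  => "O'Brien\t\tJr",
    'Tags'      => ['a  b', '<x>'],   // fields named Tags[] arrive as arrays
];

/**
 * Strip the characters < > # $ % and collapse whitespace runs, in place.
 * clean_fields() is a hypothetical helper name.
 */
function clean_fields(array &$fields): void
{
    // The & makes $value an alias of the array element, so assignments
    // inside the loop change the array itself rather than a copy.
    foreach ($fields as $name => &$value) {
        if (is_array($value)) {
            clean_fields($value);     // clean nested arrays recursively
            continue;
        }
        if (!is_string($value)) {
            continue;                 // leave non-string values untouched
        }
        $value = preg_replace('/[<>#$%]/', '', $value);
        $value = preg_replace('/\s\s+/', ' ', $value);
    }
    // Break the reference: without this, a later assignment to $value
    // in the same scope would overwrite the last element of the array.
    unset($value);
}

clean_fields($post);
var_dump($post);
```

This loop only normalizes the text; quoting for SQL (mysqli_real_escape_string as in the question, or a prepared statement) still has to happen at query time.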