PHP: How to mass replace $_POST[...] with strip_tags($_POST[...])

php forms input sanitize strip-tags
Mike Turley picture Mike Turley · Aug 25, 2010 · Viewed 10k times · Source

I'm currently recovering from a nasty XSS attack, and realized I never sanitized inputs on several of the forms on my site. I used Notepad++'s Find In Files feature to search for $_POST in all my PHP files, and got almost 5,000 results. Now, I really don't want to go and manually add strip_tags to every one of those results, but a replace-all wouldn't do the trick... and I'm a total noob when it comes to things like regular expressions.

Is there any way to make this a little less tedious?

Answer

matpie picture matpie · Aug 25, 2010

Just use array_map().

$Clean = array_map('strip_tags', $_POST);

Or if you want it to go back to the $_POST variable:

$_POST = array_map('strip_tags', $_POST);

It's probably a better idea though to use a different variable and change all occurrence of $_POST to $Clean in your files.

Related questions

How to set a class attribute to a Symfony2 form input

How can I set the HTML class attribute to a form <input> using the FormBuilder in Symfony2 ? Something like this: ->add('birthdate', 'date',array( 'input' => 'datetime', 'widget' => 'single_text', 'attr' => array( 'class' => …

Read More
PHP creating an array from form input fields

I'm trying to create an array to store numbers and add them together. <input type="number" name="numbers[]"/> I'm getting an undefined variable on the following line foreach($numbers as $number) I'm sure this is probably something basic …

Read More
Laravel form inputs - how to set maxlength

Maximal length of HTML inputs can be set by: <input type="text" name="" maxlength="10"> Is there a way how to set maxlength of form input when creating inputs in Laravel way? {{ Form::text('name', null, array('placeholder' => …

Read More