rocknbil - 4:44 pm on Sep 21, 2011 (gmt 0)
For starters, you can modify the $_POST variables directly. No need to store them in new variables; all this does is take up more memory and make for more programming work.
    foreach ($_POST as $key => $value) {
        $_POST[$key] = clean($value);
    }
The only real downside of that is you'd need to "undo" the alterations if you want to display the post variables on a page afterward. They\'d <- probably look like that. :-) In that case,
    $qs = Array();
    foreach ($_POST as $key => $value) {
        $qs[$key] = clean($value);
    }
... and use $qs from that point forward.
A few things about your clean routine: it will **only** work if you've previously opened a MySQL connection (mysql_real_escape_string) and appears to do some basic database cleansing but doesn't really "cleanse" the data for other types of attacks. But it's a good start.
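An added example, not code from the thread: it contrasts blanket escaping of every field with leaving the input untouched and encoding per destination (bound parameters for the database, htmlspecialchars() at display time). Assumptions: the field names and sample values are constructed, addslashes() stands in for the thread's clean() routine (whose body is not shown on this page), and an in-memory SQLite database via PDO replaces the MySQL connection so the script runs offline.

```php
<?php
// Constructed sample input standing in for $_POST (hypothetical field names).
$post = [
    'name'    => "O'Reilly",
    'comment' => "They'd like <b>bold</b> & more",
];

// Blanket escaping of every field, as in the $qs loop above.
// addslashes() is a stand-in (assumption) for clean(); mysql_real_escape_string()
// needs an open mysql_* link and no longer exists in PHP 7 and later.
$qs = [];
foreach ($post as $key => $value) {
    $qs[$key] = addslashes($value);
}

// Alternative: keep the raw input and encode for each destination separately.

// 1) Database: bound parameters, so the value is never spliced into SQL text.
$db = new PDO('sqlite::memory:');   // in-memory SQLite (assumption: pdo_sqlite is enabled)
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (name TEXT, comment TEXT)');
$stmt = $db->prepare('INSERT INTO comments (name, comment) VALUES (:name, :comment)');
$stmt->execute([':name' => $post['name'], ':comment' => $post['comment']]);

// What comes back is the original text, with no backslashes to "undo".
$stored = $db->query('SELECT name, comment FROM comments')->fetch(PDO::FETCH_ASSOC);

// 2) HTML output: encode at the point of display, not at input time.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

echo "Blanket-escaped, shown as-is: ", $qs['comment'], "\n";
echo "Stored via bound parameter:   ", $stored['comment'], "\n";
echo "Encoded for HTML display:     ", h($stored['comment']), "\n";
```

The first line of output carries the stray backslash described in the post and still contains live markup; the third is the form that is safe to place in an HTML page.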