0

These are my PHP functions:

```php
function test($a,$b,$c) {
    sanitize($a,$b,$c);
    echo "$a $b $c";
}

function test2($m,$n) {
    sanitize($m,$n);
    echo "$m $n";
}

function sanitize() {
    // escape strings with stripslashes (and other filters later)
}

test2("he'llo", "wo'rld");
test("he'llo", "wo'rld","hap'y");
```

Is it possible to keep the test and test2 functions?

I just want to avoid having 3 lines:

```php
$a=sanitize($a);
$b=sanitize($b);
$c=sanitize($c);
```

and have just:

```php
sanitize($a, $b, $c);
```
Steve
yarek
  • Wouldn't it be easier to just turn [magic quotes](http://php.net/manual/en/security.magicquotes.php) off? – Mike Oct 29 '15 at 21:13
  • not really because I will make other treatment than just stripslashes – yarek Oct 29 '15 at 21:14
  • Can you clarify your question? What do you mean by "without having to use some array structures"? – Mike Oct 29 '15 at 21:15
  • looks like filter_var_array needs array as input: that's what I try to avoid; I want keep test and test2 as they are – yarek Oct 29 '15 at 21:16
  • You have to use & (ampersand) to create references to the parameters. Otherwise your sanitize and echo are parallel – Emery King Oct 29 '15 at 21:17
  • Can you use filter_var()? – Mike Oct 29 '15 at 21:17
  • filter_var: why not ? but how ? – yarek Oct 29 '15 at 21:18
  • See the manual for usage: http://php.net/filter_var – Mike Oct 29 '15 at 21:19
  • As a general design principle, you should avoid having tainted (i.e. unsanitized) data cropping up all over the place in your code. It would make a lot more sense if you applied the sanitization function to your input data as soon as it is received; e.g., `$user_name = sanitize($_POST['user']);` – r3mainer Oct 29 '15 at 21:19
  • Also check this: http://php.net/manual/en/function.func-get-args.php – Turcia Oct 29 '15 at 21:21
  • I just want to avoid having 3 lines : $a=sanitize($a); $b=sanitize($b);$c=sanitize($c) and have just: sanitize($a, $b, $c) – yarek Oct 29 '15 at 21:21
  • @yarek I am guessing the question about magic quotes was rhetorical. Having magic quotes on is never a good idea unless you need it for compatibility with old source code. There is a reason it was completely removed from the language. `array_map` is the easiest thing to use to do what you want though. – Tim Seguine Oct 29 '15 at 21:25
  • Make function return could this answer help you http://stackoverflow.com/questions/33411455/sanitizing-input-but-output-not-as-expected/33422814#33422814 – Maytham Fahmi Oct 29 '15 at 21:27

3 Answers

4

PHP 5.6+

```php
function sanitize(&...$args) {
    foreach ($args as &$arg) {
        // your sanitising code here, e.g.:
        $arg = strtolower($arg);
    }
    unset($arg); // break the reference left over from the loop
}
```
Steve
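A complete script built around the by-reference variadic signature from the answer above, added here as an illustration and not part of the original answer. `test` and `test2` stay as in the question; the helper `clean_value`, its `trim` + `stripslashes` filter chain, the array handling and the sample strings are assumptions.

```php
<?php
// Added example: trim + stripslashes stands in for whatever filters
// the real sanitize() is meant to apply.
function clean_value($value)
{
    // Only strings are filtered; ints, floats, bools and null pass through.
    return is_string($value) ? stripslashes(trim($value)) : $value;
}

// By-reference variadic (PHP 5.6+): each caller variable is rewritten in place.
function sanitize(&...$args)
{
    foreach ($args as &$arg) {
        if (is_array($arg)) {
            // Nested input (e.g. a form field submitted as an array)
            // is cleaned element by element.
            array_walk_recursive($arg, function (&$item) {
                $item = clean_value($item);
            });
        } else {
            $arg = clean_value($arg);
        }
    }
    unset($arg); // drop the dangling reference left by foreach
}

// test() and test2() are unchanged from the question.
function test($a, $b, $c) {
    sanitize($a, $b, $c);
    echo "$a $b $c";
}

function test2($m, $n) {
    sanitize($m, $n);
    echo "$m $n";
}

// Constructed sample input carrying the backslashes that magic quotes would add.
test2("he\\'llo", " wo\\'rld ");
echo PHP_EOL;
test("he\\'llo", "wo\\'rld", "hap\\'y");
echo PHP_EOL;
```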
3

func_get_args returns all arguments to a function as an array. array_map applies a function to all members of an array.

```php
<?php
function test() {
    $arguments = func_get_args();
    $cleaned = array_map('sanitize', $arguments);
    echo implode(" ", $cleaned);
}

// one liner, for those who like such things!
function test2() {echo implode(" ", array_map('sanitize', func_get_args()));}
?>
```

By the way, echoing from a function is not good form. You should be returning the value instead...

miken32
  • My goal is to KEEP test and test2 exactly the way they are and just implement sanitize – yarek Oct 29 '15 at 21:38
  • That will be very tricky since `func_get_args()` can't do things by reference. You will need a custom function incorporating `debug_get_backtrace()`. – miken32 Oct 29 '15 at 21:46
  • Unless you have PHP 5.6, as the other answer suggests. – miken32 Oct 29 '15 at 21:47
2

If you DON'T have PHP 5.6+

```php
function sanitize(&$p1, &$p2 = null, &$p3 = null, &$p4 = null, &$p5 = null, &$p6 = null, &$p7 = null, &$p8 = null, &$p9 = null, &$p10 = null, &$p11 = null, &$p12 = null, &$p13 = null, &$p14 = null, &$p15 = null, &$p16 = null, &$p17 = null, &$p18 = null, &$p19 = null, &$p20 = null, &$p21 = null, &$p22 = null, &$p23 = null, &$p24 = null, &$p25 = null) {
    $argc = func_num_args();
    for ($i = 1; $i <= $argc; $i++) {
        _sanitize(${"p$i"});
    }
}
function _sanitize(&$a) {
    $a = addslashes($a); // and other filters
}

test2("he'llo", "wo'rld");
test("he'llo", "wo'rld","hap'y");
```

With a script you can generate more than 25 arguments if you need it (or build it manually :-))

Then, when you migrate to PHP 5.6, you can use Steve's answer, touching only the definition and not the rest of the code.

Community
Luca Rainone