Ok....
Why not just set the values in $_REQUEST then?
AbstractEnvironment::stripTagsArr($_REQUEST);
Or something like this:
foreach($_REQUEST as $key => $val) {
$_REQUEST[$key] = stripTagsNStuff($key, $val);
}
On Thu, 15 Jul 2004 15:45:45 -0700, Dennis Gearon <[EMAIL PROTECTED]> wrote:
> I found the answer, as my second post on this told.
>
> Why unset the globals?
>
> I plan on implementing filters on all User input to ALL scripts in the prepend file.
> And if someone wants to get a variable that was supplied by a user, they have to
> specifiy if it's going to be INT, STR(with options to remove run on spaces, validate
> email addr, remove carriage returns to prevent embedded email directives) 'NUM' type
> with formatting like in databases, and also, anti SQL injection escaping is
> possible. The programmer will HAVE to choose which filtering, but strip tags is
> automatic. I'm not going to have XSS holes or SQL injection on my site.
>
>
>
>
> Justin Patrin wrote:
>
> > You can't unset $_REQUEST. All it does is unset the reference to it in
> > the current context. It still exists elsewhere. If you *really* want
> > to get rid of $_REQUEST, you should do it this way:
> >
> > unset($GLOBALS['_REQUEST']);
> >
> > But I would advise against that. Why exactly are you unsetting a superglobal?
> >
> > On Thu, 15 Jul 2004 15:00:15 -0700, Dennis Gearon <[EMAIL PROTECTED]> wrote:
> >
> >>I have a function in a class that unsets the superglobal $_REQUEST;
> >>
> >>Well, it's supposed to, it doesn't do it. I'm on version 4.2.3 of PHP. This page:
> >>
> >>
> >> http://us2.php.net/manual/en/language.variables.predefined.php#language.variables.superglobals
> >>
> >>says that $_REQUEST is a super global as of version 4.1.0. Is there some bug I
> >>don't know about or am I doing something wrong?
> >>
> >>Here's the code:
> >>
> >><?PHP
> >>$_REQUEST["var1"]="\"><script>script stuff</script>";
> >>$_REQUEST["var2"]="a_string_of_course";
> >>$_REQUEST["arr1"]["elem1"]="<script>script stuff2</script>";
> >>$_REQUEST["arr1"]["elem2"]="another_string_of_course";
> >>
> >>if( !defined('TEST_UNSET') ){
> >> define('TEST_UNSET', TRUE);
> >>
> >> class abstract_environment{
> >> var $_REQUEST;
> >> function abstract_environment(){
> >> $this->_REQUEST=$_REQUEST;
> >> unset( $_REQUEST );
> >> echo("unset was done");
> >> $this->_clean_all_vars();
> >> }
> >> function _clean_all_vars(){
> >> //ADD OTHER PROCESSING AS NEEDED
> >> $this->_strip_tags_arr( $this->_REQUEST );
> >> }
> >> function _strip_tags_arr( &$arr_or_solo ){
> >> if( isset($arr_or_solo) ){
> >> if( !is_array($arr_or_solo) ){
> >> $arr_or_solo= strip_tags($arr_or_solo);
> >> } else {
> >> reset ($arr_or_solo);
> >> while (list($key, ) = each ($arr_or_solo)) {
> >> if( isset($arr_or_solo[$key]) ){
> >> if( is_array($arr_or_solo[$key]) ){
> >>
> >> $this->_strip_tags_arr($arr_or_solo[$key]);
> >> } else {
> >> $arr_or_solo[$key] =
> >> strip_tags($arr_or_solo[$key]);
> >> }
> >> }
> >> }
> >> }
> >> }
> >> }
> >>
> >> }
> >>}
> >>$abs_env=new abstract_environment;
> >>echo "<pre>";
> >>print_r($_REQUEST);
> >>print_r( $abs_env );
> >>echo "</pre>";
> >>?>
> >>
> >>--
> >>PHP General Mailing List (http://www.php.net/)
> >>To unsubscribe, visit: http://www.php.net/unsub.php
> >>
> >>
> >>
> >>
> >
> >
> >
>
--
DB_DataObject_FormBuilder - The database at your fingertips
http://pear.php.net/package/DB_DataObject_FormBuilder
paperCrane --Justin Patrin--
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
