I am trying to create a function to check user inputs. I have the following called cleanup.php
function clean_input($string)
{
if(function_exists('mysql_real_escape_string'))
{
if(get_magic_quotes_gpc())
{
$string = stripslashes($string);
}
$string = mysql_real_escape_string($string);
}
elseif(function_exists('mysql_escape_string'))
{
if(get_magic_quotes_gpc())
{
$string = stripslashes($string);
}
$string = mysql_escape_string($string);
}
else
{
$string = addslashes($string);
}
return $string;
}
if($_POST['fname']) $fname = clean_input($_POST['fname']);
if($_POST['sname']) $sname = clean_input($_POST['sname']);
if($_POST['adr']) $adr = clean_input($_POST['adr']);
if($_POST['adr1']) $adr1 = clean_input($_POST['adr1']);
if($_POST['toci']) $toci = clean_input($_POST['toci']);
if($_POST['cty']) $cty = clean_input($_POST['cty']);
if($_POST['ctry']) $ctry = clean_input($_POST['ctry']);
if($_POST['pcode']) $pcode = clean_input($_POST['pcode']);
if($_POST['tel']) $tel = clean_input($_POST['tel']);
if($_POST['mob']) $mob = clean_input($_POST['mob']);
if($_POST['email']) $email = clean_input($_POST['email']);
if($_POST['arrtime']) $arrtime = clean_input($_POST['arrtime']);
if($_POST['option1']) $option1 = clean_input($_POST['option1']);
if($_POST['option2']) $option2 = clean_input($_POST['option2']);
if($_POST['option3']) $option3 = clean_input($_POST['option3']);
if($_POST['option4']) $option4 = clean_input($_POST['option4']);
if($_POST['option5']) $option5 = clean_input($_POST['option5']);
if($_POST['option6']) $option6 = clean_input($_POST['option6']);
if($_POST['option7']) $option7 = clean_input($_POST['option7']);
if($_POST['option8']) $option8 = clean_input($_POST['option8']);
if($_POST['option9']) $option9 = clean_input($_POST['option9']);
if($_POST['option10']) $option10 = clean_input($_POST['option10']);
if($_POST['uname']) $uname = clean_input($_POST['uname']);
if($_POST['upass']) $upass = clean_input($_POST['upass']);
if($_POST['db_name']) $db_name = clean_input($_POST['db_name']);
if($_POST['db_user']) $db_user = clean_input($_POST['db_user']);
if($_POST['db_host']) $db_host = clean_input($_POST['db_host']);
if($_POST['db_pass']) $db_pass = clean_input($_POST['db_pass']);
I will then ssi this into the page which is parsing the inputs.
What I want to know is if there is a more efficient way of cleaning up user inputs. I have come across a script that seems a bit better but am not sure how to implement it.
foreach ($_POST as $key => $value) {
$key = clean_input($value);
}
If i could implement something like this I think it would be less time consuming and I would have to add each input field.
Can anyone help