Error using Sanitize function

Asked

Viewed 110 times

1

I have a problem using this function Sanitize, I have already done the checks and I could not find where the error is, I am passing these values to the function:

    $data1 = Sanitize::filter($_POST['data1']); 
    $data2 = Sanitize::filter($_POST['data2']); 
    $titulo = Sanitize::filter($_POST['titulo']);   
    $descricao = Sanitize::filter($_POST['descricao']);
    $observacao = Sanitize::filter($_POST['observacao']);
    $vagas = Sanitize::filter($_POST['vagas']);

The function is like this:

abstract class Sanitize {
/**
 * Filter
 * 
 * @param  mixed $value
 * @param  array $modes
 * @return mixed
 * @static
 * @since  1.0
 */
    static public function filter($value, $modes = array('sql', 'html')) {
        if (!is_array($modes)) {
            $modes = array($modes);
        }
        if (is_string($value)) {
            foreach ($modes as $type) {
              $value = self::_doFilter($value, $type);
            }
            return $value;
        }
        foreach ($value as $key => $toSanatize) {
            if (is_array($toSanatize)) {
                $value[$key]= self::filter($toSanatize, $modes);
            } else {
                foreach ($modes as $type) {
                  $value[$key] = self::_doFilter($toSanatize, $type);
                }
            }
        }
        return $value;
    }
/**
 * DoFilter
 * 
 * @param  mixed $value
 * @param  array $modes
 * @return mixed
 * @static
 * @since  1.0
 */
    static protected function _doFilter($value, $mode) {
        switch ($mode) {
            case 'html':
                $value = strip_tags($value);
                $value = addslashes($value);
                $value = htmlspecialchars($value);
                break;

            case 'sql':
                $value = preg_replace(sql_regcase('/(from|select|insert|delete|where|drop table|show tables|#|\*| |\\\\)/'),'',$value);
                $value = trim($value);
                break;
        }
        return $value;
    }
}

And I’m getting this mistake:

Warning: Invalid argument supplied for foreach() in /home/cpcocari/public_html/Sanitize.class.php on line 48

The error is being accused in this line:

foreach ($value as $key => $toSanatize) {

php

  • Where is line 48 in your code?

1 answer

2


The data you are passing is arrays? foreach works only with arrays. You should check if the input variable is an array to run the foreach. 

static public function filter($value, $modes = array('sql', 'html')) {
        if (!is_array($modes)) {
            $modes = array($modes);
        }
        if (is_string($value)) {
            foreach ($modes as $type) {
              $value = self::_doFilter($value, $type);
            }
            return $value;
        }
        if(is_array($values)){
            foreach ($value as $key => $toSanatize) {
                if (is_array($toSanatize)) {
                    $value[$key]= self::filter($toSanatize, $modes);
                } else {
                    foreach ($modes as $type) {
                       $value[$key] = self::_doFilter($toSanatize,           $type);
                }
            }
        }
}
        return $value;
    }

  • Past values are at the top of the question @Leandro Araujo, are arrays, thanks for the suggestion.

Browser other questions tagged php

You are not signed in. Login or sign up in order to post.