Error using the Sanitize function

Question

Error using the Sanitize function

Navigation

#1 by (2 votes)

1

I have a problem using this Sanitize function, I've already done the checks and I could not find where the error is, I'm passing those values to the function:

    $data1 = Sanitize::filter($_POST['data1']); 
    $data2 = Sanitize::filter($_POST['data2']); 
    $titulo = Sanitize::filter($_POST['titulo']);   
    $descricao = Sanitize::filter($_POST['descricao']);
    $observacao = Sanitize::filter($_POST['observacao']);
    $vagas = Sanitize::filter($_POST['vagas']);

The function looks like this:

abstract class Sanitize {
/**
 * Filter
 * 
 * @param  mixed $value
 * @param  array $modes
 * @return mixed
 * @static
 * @since  1.0
 */
    static public function filter($value, $modes = array('sql', 'html')) {
        if (!is_array($modes)) {
            $modes = array($modes);
        }
        if (is_string($value)) {
            foreach ($modes as $type) {
              $value = self::_doFilter($value, $type);
            }
            return $value;
        }
        foreach ($value as $key => $toSanatize) {
            if (is_array($toSanatize)) {
                $value[$key]= self::filter($toSanatize, $modes);
            } else {
                foreach ($modes as $type) {
                  $value[$key] = self::_doFilter($toSanatize, $type);
                }
            }
        }
        return $value;
    }
/**
 * DoFilter
 * 
 * @param  mixed $value
 * @param  array $modes
 * @return mixed
 * @static
 * @since  1.0
 */
    static protected function _doFilter($value, $mode) {
        switch ($mode) {
            case 'html':
                $value = strip_tags($value);
                $value = addslashes($value);
                $value = htmlspecialchars($value);
                break;

            case 'sql':
                $value = preg_replace(sql_regcase('/(from|select|insert|delete|where|drop table|show tables|#|\*| |\\)/'),'',$value);
                $value = trim($value);
                break;
        }
        return $value;
    }
}

And I'm getting this error:

Warning: Invalid argument supplied for foreach () in /home/cpcocari/public_html/sanitize.class.php on line 48

The error is being accused in this line:

foreach ($ value as $ key = > $ toSanatize) {

php

asked by anonymous 10.03.2017 / 13:18

1 answer

How to get element id from the find method? Error while compiling Cmake project

score 2 · Accepted Answer

Is the data you are passing through arrays? The foreach works only with arrays. You should verify that the input variable is an array to execute the foreach.

static public function filter($value, $modes = array('sql', 'html')) {
        if (!is_array($modes)) {
            $modes = array($modes);
        }
        if (is_string($value)) {
            foreach ($modes as $type) {
              $value = self::_doFilter($value, $type);
            }
            return $value;
        }
        if(is_array($values)){
            foreach ($value as $key => $toSanatize) {
                if (is_array($toSanatize)) {
                    $value[$key]= self::filter($toSanatize, $modes);
                } else {
                    foreach ($modes as $type) {
                       $value[$key] = self::_doFilter($toSanatize,           $type);
                }
            }
        }
}
        return $value;
    }