Apply FILTER_SANITIZE or real_escape_string to all fields of a json

0

Well I have to apply a FILTER_SANITIZE_SPECIAL_CHARS to all the fields of a json.

I currently receive the JSON like this:

// Receive the JSON
$json = filter_input(INPUT_POST, 'json', FILTER_DEFAULT);

// Decode the JSON
$obj = json_decode($json);

// Here I have to apply 'FILTER_SANITIZE_SPECIAL_CHARS'

The json var_dump:

{
 "Autenticacao": {
    "login": "100",
    "senha": "123"
 },
 "operacao": {
    "nome": "hugo",
    "endereco": "rua sei la",
    "numero": "123"
 }
}

How do I iterate over the login, senha, nome, endereco, and numero fields, applying FILTER_SANITIZE_SPECIAL_CHARS?

Edit ----------------------------

I've tried real_escape_string as follows:

foreach ($obj as &$main) {
    foreach ($main as &$value) {
        $value = $conexao->real_escape_string($value);
    }
}

But I'm having this error:

mysqli::real_escape_string() expects parameter 1 to be string, object given in 
    
asked by anonymous 09.08.2017 / 19:18

2 answers

2

Using filter_var and adding & (ampersand) to the $main and $value variables of the foreach to create a reference:

foreach ($obj as &$main) {
    foreach ($main as &$value) {
        $value = filter_var($value, FILTER_SANITIZE_SPECIAL_CHARS);
    }
}

See what happens if you use an INT in one of the fields and a boolean in another, in jsfiddle: link, code:

<?php

$obj = json_decode('{
 "Autenticacao": {
    "login": 100000000000,
    "senha": "123"
 },
 "operacao": {
    "nome": false,
    "endereco": "rua sei la",
    "numero": "123"
 }
}');

foreach ($obj as &$main) {
    foreach ($main as &$value) {
        $value = filter_var($value, FILTER_SANITIZE_SPECIAL_CHARS);
    }
}

var_dump($obj);

The nome field becomes an empty string, and the login field becomes a numeric string but is no longer of type "int". See the result: because of the &, the fields were changed directly in the foreach:

object(stdClass)#2 (2) {
  ["Autenticacao"]=>
  object(stdClass)#1 (2) {
    ["login"]=>
    string(12) "100000000000" <--------- HERE
    ["senha"]=>
    string(3) "123"
  }
  ["operacao"]=>
  &object(stdClass)#3 (3) {
    ["nome"]=>
    string(0) "" <--------- HERE
    ["endereco"]=>
    string(10) "rua sei la"
    ["numero"]=>
    &string(3) "123"
  }
}

The change affected the object directly because of the ampersand (&), according to the PHP documentation:

With mysql and real_escape

You can do this:

<?php
$mysqli = new mysqli("localhost", "usuario", "senha", "banco");

// ...

foreach ($obj as &$main) {
    foreach ($main as &$value) {
        $value = $mysqli->real_escape_string($value);
    }
}

If it is procedural:

<?php
$mysqli = mysqli_connect("localhost", "usuario", "senha", "banco");

// ...

foreach ($obj as &$main) {
    foreach ($main as &$value) {
        $value = mysqli_real_escape_string($mysqli, $value);
    }
}
    
09.08.2017 / 19:27
2

For this question I decided to write a small function, which only works if the JSON has only 1 level of nesting, but it solves the situation well.

Note: the variable is passed by reference, which means it will be changed; you do not need to do $json = saveJson($obj);

Note: the current filter is FILTER_SANITIZE_STRING; choose one that fits your needs.

function saveJson(&$json)
{
    foreach($json as $key => $object)
    {
        foreach($object as $key1 => $o)
        {
            $json->$key->$key1 = filter_var($o, FILTER_SANITIZE_STRING);
        } 
    }
}
    
09.08.2017 / 19:42
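
An added example, not code from either answer: it addresses the type changes shown in the first answer (int and boolean turned into strings) and the one-level limit of the second by filtering only string leaves at any depth. The function name `sanitizeJsonStrings`, the extra `ativo` and `contato` fields and the sample JSON are constructed for illustration, and it assumes the values are headed for HTML output, since FILTER_SANITIZE_SPECIAL_CHARS is an HTML encoding and not an SQL escape.

```php
<?php
declare(strict_types=1);

/**
 * Added example (not from the answers above): HTML-encode every string leaf
 * of a decoded JSON document at any nesting depth, leaving other types intact.
 */
function sanitizeJsonStrings(string $json): array
{
    // Decode to associative arrays; JSON_THROW_ON_ERROR rejects malformed input
    // and the depth limit of 32 bounds how deeply nested the input may be.
    $data = json_decode($json, true, 32, JSON_THROW_ON_ERROR);
    if (!is_array($data)) {
        throw new InvalidArgumentException('Expected a JSON object or array');
    }

    // array_walk_recursive only visits leaves, so nested objects never reach
    // the filter (the cause of the "object given" error in the question).
    array_walk_recursive($data, function (&$value): void {
        if (is_string($value)) {
            $value = filter_var($value, FILTER_SANITIZE_SPECIAL_CHARS);
        }
        // ints, floats, booleans and null keep their type and value
    });

    return $data;
}

// Constructed sample input: mixed types and one extra nesting level.
$json = <<<'JSON'
{
  "Autenticacao": {"login": 100000000000, "senha": "123"},
  "operacao": {
    "nome": "<b>hugo</b>",
    "ativo": false,
    "contato": {"endereco": "rua \"sei\" la", "numero": "123"}
  }
}
JSON;

var_dump(sanitizeJsonStrings($json));
```

With this input, `login` stays an int, `ativo` stays `false`, and `nome` comes back as `&#60;b&#62;hugo&#60;/b&#62;`.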