Tarik

Reputation: 1897

array_map/array_walk keeps reporting invalid callback, not found, and/or undefined

I just wanted a more elegant automated solution to my form validation. On PHP.net I found a cool class script from the SQL injection page. Here is the code (modified). It's supposed to go through my $_POST array and apply the validation function.

class secure
{   
    function secureSuperGlobalPOST($v)
    {
    $_POST[$v] = htmlspecialchars(stripslashes($_POST[$v]));
    $_POST[$v] = str_ireplace("script", "blocked", $_POST[$v]);
    $_POST[$v] = mysql_escape_string($_POST[$v]);
    return $_POST[$v];
    }

    function secureGlobals()
    {
    // This was originally array_walk; I'm just trying to figure out what's up...
    array_map('secureSuperGlobalPOST', $_POST);
    }
}

// This last line is an attempt at using it. This was not provided with the code.
secure::secureGlobals();

So then I get this error:

_"Warning: array_map() expects parameter 1 to be a valid callback, function 'secureSuperGlobalPOST' not found or invalid function name in C:\wamp\www\mysite\register.php on line 19"_

I have been looking forever, but I cannot figure out why it wouldn't be valid, not found (it's in the same class), or why it would be an invalid name (it's the same exact name!).

Upvotes: 0

Views: 5545

Answers (2)

NullUserException

Reputation: 85458

That's because secureSuperGlobalPOST is not a global function.

You have to either take it out of the class, or make it a static method and use:

array_map('secure::secureSuperGlobalPOST', $_POST);

By the way you are not using callbacks the right way. A better way would be:

function secureVar(&$v)
{
    // array_walk() ignores return values; take the element by reference and assign to it
    $v = mysql_escape_string(htmlspecialchars(
             str_ireplace("script", "blocked", $v)));
}

Then call

array_walk($_POST, 'secure::secureVar');
array_walk($_GET,  'secure::secureVar');

So you get to re-use code.


Another thing I want to point out is that this is not the proper way to avoid XSS. This is the lazy way. You shouldn't do that. What if your users entered a text that said: "I read your script"? As it is, it would get converted into "I read your blocked".

Upvotes: 3

bcosca

Reputation: 17555

Declare secureSuperGlobalPOST as static and use:

return array_map('self::secureSuperGlobalPOST', $_POST);

or:

return array_map(array('self','secureSuperGlobalPOST'), $_POST);

If you don't want secureSuperGlobalPOST to be a static method:

return array_map(array('secure','secureSuperGlobalPOST'), $_POST);

But you must still catch the return value in your last statement.

$result=secure::secureGlobals();

Upvotes: 8
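
The points raised in the two answers above, gathered into one runnable script. This is an added example, not code from the question or from either answer: it shows the callable forms that resolve a static method, why array_map needs its return value caught while array_walk needs a by-reference parameter, and what the "script" blocklist does to input compared with escaping for HTML at output time. The class InputFilter, its method names and the sample array are hypothetical.

```php
<?php
// Added example; InputFilter and its methods are hypothetical names.
final class InputFilter
{
    // The thread's blocklist: replaces the substring "script" wherever it occurs.
    public static function blocklist(string $v): string
    {
        return str_ireplace('script', 'blocked', $v);
    }

    // Context-specific alternative: escape for HTML when the value is output.
    public static function html(string $v): string
    {
        return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    // array_walk() discards return values, so the element is taken by reference.
    public static function htmlInPlace(&$v): void
    {
        $v = self::html((string) $v);
    }
}

// Constructed sample standing in for $_POST.
$post = [
    'comment' => 'I read your script',
    'name'    => '<script>alert(1)</script>',
];

// Equivalent callables for a static method. A bare 'html' would fail with the
// "not found or invalid function name" warning, because it names a global function.
// (Inside the class, the 'self::html' string form is deprecated since PHP 8.2.)
$a = array_map('InputFilter::html', $post);
$b = array_map(['InputFilter', 'html'], $post);
$c = array_map([InputFilter::class, 'html'], $post);
var_dump($a === $b && $b === $c);

// array_map() returns a new array; $post is untouched unless you assign the result.
echo $post['name'], "\n", $a['name'], "\n";

// array_walk() changes the array in place through the by-reference parameter.
$copy = $post;
array_walk($copy, 'InputFilter::htmlInPlace');
var_dump($copy === $a);

// The blocklist mangles harmless text and leaves the markup characters unescaped.
echo InputFilter::blocklist($post['comment']), "\n";
echo InputFilter::blocklist($post['name']), "\n";
```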
