<?php
/*
Written By: Nicholas Kreidberg
Revised On: 06/16/2009
Desc: fnSanitizePost() takes a $_POST array &
sanitizes all strings for insertion into a db.
Call: $aclean_post = fnCleanPost($_POST);
*/

function fnSanitizePost($data) //escapes,strips and trims all members of the post array
{
  if(is_array($data))
  {
    $areturn = array();
    foreach($data as $skey=>$svalue)
    {
      $areturn[$skey] = fnSanitizePost($svalue);
    }
    return $areturn;
  }
  else
  {
   if(!is_numeric($data))
   {
    // with magic quotes on, the input gets escaped twice, which means that we have to strip those slashes. 
    // leaving data in your database with slashes in them, is a bad idea.
    if(get_magic_quotes_gpc()) //gets current magic quotes config
      $data = stripslashes($data);

    //escapes a string for insertion into the database
      $data = pg_escape_string($data); 
      $data = strip_tags($data); //strips HTML and PHP tags from a string
    }

    //trims whitespace from beginning and end of a string
    $data = trim($data); 
    return $data;
  }
}
?>