A simple php escaping class.

Escpr is a pretty simple class. Just download a zip or clone the repository in the root of your project. Then load it:

<?php

using \Escpr\Escpr;

...is pretty easy. Use the one and only publicly available method - escape().

Here's how:

Espr::escape($anything); // anything can be, well, anything.

It traverses arrays and objet's properties' values, until it finds a string. Escpr escapes that string and continues to traverse.

NOTE: Escpr works by reference, which means it escapes directly the passed argument's value and returns nothing.

There's a thing you should keep in mind, though. Espr does not escape stdClass objects. But there's a workaround.

• First, cast the stdClass object to array
• Second, escape that array with Escpr::escape().
• Third, cast back to object to use the escaped...thing...as an object.

Here's an example:

$stdClassObject = new stdClass(); // create a simple stdClass object.
$stdClassObject->escapeMe = '<script>alert("Rotten tomatoes ftw!")</script>'; // add a property to it.
$stdClassObjectAsArray = (array) $stdClassObject; // because Escpr does not escape stdClass objects, convert it to array.

Escpr::escape($stdClassObjectAsArray); // escape the casted array.

$stdClassObject = (object) $stdClassObjectAsArray; // cast the escaped array back to stdClass object.

echo $stdClassObject->escapeMe . '<br />'; // print the escaped value.

Escpr is distributed under the MIT license.

More examples in the Examples/ folder.

Happy escaping!