A simple PHP escaping class.
Escpr is a pretty simple class. Just download a zip or clone the repository into the root of your project. Then load it:
<?php
use Escpr\Escpr;
...is pretty easy. Use the one and only publicly available method - escape().
Here's how:
Escpr::escape($anything); // anything can be, well, anything.
It traverses arrays and objects' property values until it finds a string. Escpr escapes that string and continues to traverse.
NOTE: Escpr works by reference, which means it escapes the passed argument's value in place and returns nothing, so the argument must be a variable.
There's a thing you should keep in mind, though. Escpr does not escape stdClass objects. But there's a workaround.
- First, cast the stdClass object to an array.
- Second, escape that array with Escpr::escape().
- Third, cast back to object to use the escaped...thing...as an object.
Here's an example:
$stdClassObject = new stdClass(); // create a simple stdClass object.
$stdClassObject->escapeMe = '<script>alert("Rotten tomatoes ftw!")</script>'; // add a property to it.
$stdClassObjectAsArray = (array) $stdClassObject; // because Escpr does not escape stdClass objects, convert it to an array.
Escpr::escape($stdClassObjectAsArray); // escape the cast array.
$stdClassObject = (object) $stdClassObjectAsArray; // cast the escaped array back to a stdClass object.
echo $stdClassObject->escapeMe . '<br />'; // print the escaped value.
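The workaround above covers a single stdClass object. As an added example (not part of Escpr or its Examples/ folder), the hypothetical helper `escapeWithStdClass()` below applies the same cast to stdClass objects at any depth, such as `json_decode()` output. It assumes Escpr is already loaded as shown earlier and that Escpr skips nested stdClass objects just as it skips top-level ones.

```php
<?php
use Escpr\Escpr; // assumes the class is already loaded as described above

/**
 * Hypothetical helper, not part of Escpr.
 * Walks arrays and stdClass objects itself and hands every other value
 * (strings, other objects, scalars) to Escpr::escape(), so a stdClass
 * nested inside an array or another stdClass is not left unescaped.
 * Like Escpr, it works by reference and returns nothing.
 * Only values are escaped; array keys and property names are left as they are.
 * Assumes acyclic data (true for json_decode() output).
 */
function escapeWithStdClass(&$value): void
{
    if ($value instanceof stdClass) {
        // Same workaround as above: cast to array, escape, cast back.
        $asArray = (array) $value;
        foreach ($asArray as &$item) {
            escapeWithStdClass($item);
        }
        unset($item); // break the reference left behind by foreach
        // This is a new object; other variables that still hold the
        // original object keep the unescaped values.
        $value = (object) $asArray;
    } elseif (is_array($value)) {
        foreach ($value as &$item) {
            escapeWithStdClass($item);
        }
        unset($item);
    } else {
        // Leaf value: let Escpr decide what to do with it.
        Escpr::escape($value);
    }
}

// Constructed sample input: decoded JSON is stdClass all the way down.
$payload = json_decode(
    '{"user":{"name":"<script>alert(\"Rotten tomatoes ftw!\")</script>","tags":["<b>x</b>"]}}'
);

escapeWithStdClass($payload);

echo $payload->user->name . '<br />';    // escaped by Escpr
echo $payload->user->tags[0] . '<br />'; // escaped by Escpr
```

Escape once, right before output: because the data is changed in place, running the helper again on the same variable passes already-escaped strings through Escpr a second time.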
Escpr is distributed under the MIT license.
More examples in the Examples/ folder.
Happy escaping!