ESC Array in $_POST from a form

Hi,

I am trying to esc, the Kirby way, the data sent from a form. But when I submit the data, I have an array inside $_POST and I get this error:

htmlspecialchars() expects parameter 1 to be string, array given

That's my code:

  $_SESSION['registrationdata'] = esc($_POST);

Here I write my $_POST to a session.
Does someone have a best-practice way to esc the array from my form? Or should I do it another way?

Kindly

While esc() is often used in this way, it is actually not really correct usage. You should use validators to make sure you get the correct input in your forms and discard incorrect input. Then escape data when you output it in templates etc.

If you do it like this, you can store your $_POST array in the session without further ado.

If you want to apply some cleaning up, e.g. trim whitespace, you have to do this on the individual $_POST items:

$data = [
   'name' => trim($_POST['name']),
   'email' => trim($_POST['email'])
];

Note that this is only an example, it shouldn’t be necessary if you apply proper validators that prevent receiving such data in the first place. Have a look at Kirby’s validator class.

Then store the $data array in the session:

 $_SESSION['registrationdata'] = $data;
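The validate-on-input, escape-on-output flow from the answer above, as an added example that is not part of the original thread or Kirby's own code. It uses plain PHP (`filter_var`, `htmlspecialchars`) as stand-ins for Kirby's validator class and `esc()`; the `interests` array field, its allowed values and the sample input are assumptions made for illustration.

```php
<?php
// Added example: plain-PHP stand-ins for Kirby's validators and esc().
// The 'interests' field and its allowlist are hypothetical.
const ALLOWED_INTERESTS = ['news', 'events', 'offers'];

/** Validate raw form input. Returns [cleanData, errors]. */
function validateRegistration(array $post): array
{
    $data = [];
    $errors = [];

    // Scalar fields: a non-string value (e.g. name[]=x in the form) is rejected.
    foreach (['name', 'email'] as $key) {
        $value = $post[$key] ?? null;
        if (!is_string($value) || trim($value) === '') {
            $errors[$key] = 'missing or not a string';
            continue;
        }
        $data[$key] = trim($value);
    }
    if (isset($data['email']) && filter_var($data['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'invalid email';
        unset($data['email']);
    }

    // Array field: must be a flat list; items outside the allowlist are discarded.
    $interests = $post['interests'] ?? [];
    if (!is_array($interests)) {
        $errors['interests'] = 'expected a list';
    } else {
        $data['interests'] = array_values(array_filter(
            $interests,
            fn($v) => is_string($v) && in_array($v, ALLOWED_INTERESTS, true)
        ));
    }
    return [$data, $errors];
}

// Constructed sample input standing in for $_POST.
$post = ['name' => ' <b>Ada</b> ', 'email' => 'ada@example.com',
         'interests' => ['news', '<script>', ['nested']]];

[$data, $errors] = validateRegistration($post);
if ($errors === []) {
    // Stored raw and unescaped; assumes session_start() was called earlier.
    $_SESSION['registrationdata'] = $data;
    // Escape each value only where it is written into HTML.
    echo htmlspecialchars($data['name'], ENT_QUOTES, 'UTF-8'), "\n";
}
```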