@iamkirkbater
Last active August 29, 2015 13:58
This function takes an array of strings and then uses those strings to populate both the value and display fields of an <option> tag. Two optional parameters are included: $first and $selected. $first is used to customize what the first option tag will consist of. For example, if you are using this to sort a list of countries, you would change i…
<?php
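/**
 * Sanitizes a variable
 *
 * Sanitizes by reference for use with array_walk_recursive. Remove the ampersand if you aren't using that function.
 *
 * @param string $var - String to sanitize.
 * @return string - Sanitized String
 */
function sanitizeInput(&$var) {
    // Replace UTF-8 encoded "smart" punctuation with plain ASCII equivalents.
    $var = str_replace(
        array("\xe2\x80\x98", "\xe2\x80\x99", "\xe2\x80\x9c", "\xe2\x80\x9d", "\xe2\x80\x93", "\xe2\x80\x94", "\xe2\x80\xa6"),
        array("'", "'", '"', '"', '-', '--', '...'),
        $var);
    // Replace the Windows-1252 single-byte forms too, but only when the string is not valid
    // UTF-8: in UTF-8 these byte values occur as continuation bytes of other characters.
    if (!preg_match('//u', $var)) {
        $var = str_replace(
            array(chr(145), chr(146), chr(147), chr(148), chr(150), chr(151), chr(133)),
            array("'", "'", '"', '"', '-', '--', '...'),
            $var);
    }
    $var = trim($var);
    // Undo backslash escaping (e.g. magic-quotes style input).
    $var = stripslashes($var);
    // Strip tags before encoding: once "<" and ">" are entities, strip_tags() finds nothing to remove.
    $var = strip_tags($var);
    // Encode the remaining special characters, including both quote types, for HTML output.
    $var = htmlentities($var, ENT_QUOTES, 'UTF-8');
    return $var;
}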
/**
 * Takes an array of strings and returns a string of options.
 *
 * This function takes an array of strings and then uses those strings to populate both the
 * value and display fields of an `<option>` tag. Two optional parameters are included: *first* and
 * *selected*. *first* is used to customize what the first option tag will consist of. For example, if you
 * are using this to sort a list of countries, you would change it from "Select One" to "Select a Country" or some
 * other wording of your choice. *selected* is a flag that defaults to false, but you would set it to an option in your
 * array. This is useful in a function that displays the same form for creating a data entry and for editing
 * that entry after it's created, when you want an easy way to add the already chosen value back into the form.
 *
 * @param array $data
 * @param string $first
 * @param string|bool $selected
 * @return string
 */
function buildOptions($data, $first = "Select One", $selected = false) {
    // Sanitize the data array for XSS Vulnerabilities (thanks Reddit/r/webdev and /r/php)
    array_walk_recursive($data, 'sanitizeInput'); // callback name must be a quoted string
    $first = sanitizeInput($first);
    // false, null or an empty string means "nothing chosen"; "0" is still a valid choice.
    $hasSelection = ($selected !== false && $selected !== null && $selected !== '');
    if ($hasSelection) {
        // Sanitize the same way as the options so the comparison below still matches.
        $selected = sanitizeInput($selected);
    }
    $html = '';
    if (!$hasSelection) {
        $html .= '<option value="' . $first . '" selected="selected">' . $first . '</option>';
    } else {
        $html .= '<option value="' . $first . '">' . $first . '</option>';
    }
    foreach ($data as $option) {
        $html .= '<option value="' . $option . '"';
        // Strict comparison: a loose == would also match "0" or "" against false.
        if ($hasSelection && $option === $selected) {
            $html .= ' selected="selected"';
        }
        $html .= '>' . $option . '</option>';
    }
    return $html;
}
/*
Example Usages:

Assume: $countries = array("Afghanistan", "Albania", ..., "Zimbabwe");

For a blank form:
    echo '<select name="mySelectName" id="mySelectID">';
    echo buildOptions($countries, "Select a Country");
    echo '</select>';

For a populated form where "Panama" is in the $countries array and is to be the selected value:
    echo '<select name="mySelectName" id="mySelectID">';
    echo buildOptions($countries, "Select a Country", "Panama");
    echo '</select>';
*/
@iamkirkbater
Author

Added XSS protection by sanitizing the input using my function sanitizeInput because of feedback received on Reddit.
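
A way to check the XSS protection discussed above, as an added example that is not part of the gist or written by its author: it escapes at output time instead of sanitizing the input array, keeps the option value separate from its label (which goes beyond the gist's value-equals-label design), and verifies the result by parsing the generated markup. `esc()`, `renderOptions()`, `check()` and `$rows` are hypothetical names, the sample data is constructed, and PHP's DOM extension is assumed to be available.

```php
<?php
// Added example, not the gist's code. renderOptions(), esc(), check() and
// $rows are hypothetical names; the sample data is constructed.

function esc($s) {
    // Encode for HTML text and quoted-attribute contexts.
    return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
}

function renderOptions(array $rows, $placeholder = 'Select One', $selected = null) {
    $html = '<option value=""' . ($selected === null ? ' selected="selected"' : '')
          . '>' . esc($placeholder) . '</option>';
    foreach ($rows as $value => $label) {
        // Compare raw values strictly; escaping happens only when writing HTML.
        $isSel = $selected !== null && (string) $value === (string) $selected;
        $html .= '<option value="' . esc($value) . '"'
               . ($isSel ? ' selected="selected"' : '')
               . '>' . esc($label) . '</option>';
    }
    return $html;
}

function check($ok, $what) {
    if (!$ok) {
        throw new RuntimeException("FAILED: $what");
    }
    echo "ok: $what\n";
}

// Constructed labels that would break out of the attribute or element
// if they were concatenated without escaping.
$rows = array(
    'pa'  => 'Panama',
    'x1'  => '"><script>alert(1)</script>',
    "o'r" => "O'Reilly & Sons <b>Ltd</b>",
);
$html = renderOptions($rows, 'Select a Country', "o'r");

// Parse the markup and inspect the resulting DOM, not the string.
libxml_use_internal_errors(true);
$doc = new DOMDocument();
$doc->loadHTML('<select>' . $html . '</select>');
$opts = $doc->getElementsByTagName('option');

check($opts->length === count($rows) + 1, 'one <option> per row plus placeholder');
check($doc->getElementsByTagName('script')->length === 0, 'no <script> element created');
check($opts->item(2)->textContent === $rows['x1'], 'hostile label round-trips as text');
check($opts->item(3)->getAttribute('value') === "o'r", 'quoted value round-trips');
check($opts->item(3)->hasAttribute('selected'), 'selection matched on the raw value');
```

Because the raw values are compared before any escaping, a stored value containing quotes or ampersands is still re-selected when the form is shown for editing.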
