Function calls itself, is this possible?

Question

I've been looking around the internet trying to learn more about sanitization an validation in PHP and it's the second time I run into this type of function that I have some trouble understanding how this foreach statement works.

This is the code, taken from here:

function sanitize($input) {
    if (is_array($input)) {
        foreach($input as $var=>$val) {
            $output[$var] = sanitize($val);
        }
    }
    else {
        if (get_magic_quotes_gpc()) {
            $input = stripslashes($input);
        }
        $input  = cleanInput($input);
        $output = mysql_real_escape_string($input);
    }
    return $output;
}

So my doubt lies in the foreach statement if the $input is_array, where each index of the array is passed through the function that is being created. For a novice programmer like myself I'm not sure how you can call something halfway within it's creation.

I've done some passing around munching the idea and think I've reached an answer, but I'm not sure if that's the case and that's why I'm asking this question, both for confirmation and guidance to some literature that might help me grasp this type of "use".

So I'm thinking that when the function is called sanitize($someArray); it will evaluate to true on the if statement and run the foreach. On each of the indexes when it runs the sanitize($val); it will jump to the else statement and run the "single value" instructions. Unless of course $input is an array of arrays, in which case it would repeat the first step until each item is sanitized in each array.

My doubt appears, because this is what I see too some extent:

function sanitize($input) {
    if(foo){sanitize($input->i);}
    else {...}
}

I instinctively expect an infinite loop.

Does this make sense? Is it a mistake made in the code? Are there any chances of it running indefinitely?

Answer 1

Nope, it is recursive, but will not run till death do us part.

You have one instance of the function sanitize (sanitize.1). That received an array. As it is an array, indeed, it will call on a function sanitize(lets call it Sanitize.2, for clarity). That runs next to sanitize.1.

However, in sanitize.1 you only pass a single value to the function. So indeed, it jumps to the else part of the function. Clean the variable. Return the sanitized input, and disappear again. At that time, sanitize.1 steps to the next element in the array, and runs the whole thing again.

In your situation where each element of the passed array is also an array, it still works: each sub array is treated in the same way and you get sanitize.1 calling sanitize.2 which in turn calls sanitize.3. That you can do indefinately. As computers are real good of keeping track of what they are doing, they can do this, where you and I on a piece of paper would make a big mess of it ;D

Answer 2

The function isn't called until after it is created. And it only operates on a smaller piece of the original input. Eventually something that is not an array will be reached, and the levels of recursion will fall away.