clean_array_gpc question

[Boofo]

I am kind of confused with it comes to cleaning certain variables. Do I need to do anything special for URL links? Here is the code I am using right now in the profile_updateprofile hook:

Code:

$vbulletin->input->clean_array_gpc('p', array(
	'ul_link_1_name'   => TYPE_STR,
	'ul_link_1_url'    => TYPE_STR,
	'ul_link_2_name'   => TYPE_STR,
	'ul_link_2_url'    => TYPE_STR,
	'ul_link_3_name'   => TYPE_STR,
	'ul_link_3_url'    => TYPE_STR,
	'ul_link_4_name'   => TYPE_STR,
	'ul_link_4_url'    => TYPE_STR,
	'ul_link_5_name'   => TYPE_STR,
	'ul_link_5_url'    => TYPE_STR,
));

$userdata->set('ul_link_1_name', $vbulletin->GPC['ul_link_1_name']);
$userdata->set('ul_link_1_url', $vbulletin->GPC['ul_link_1_url']);
$userdata->set('ul_link_2_name', $vbulletin->GPC['ul_link_2_name']);
$userdata->set('ul_link_2_url', $vbulletin->GPC['ul_link_2_url']);
$userdata->set('ul_link_3_name', $vbulletin->GPC['ul_link_3_name']);
$userdata->set('ul_link_3_url', $vbulletin->GPC['ul_link_3_url']);
$userdata->set('ul_link_4_name', $vbulletin->GPC['ul_link_4_name']);
$userdata->set('ul_link_4_url', $vbulletin->GPC['ul_link_4_url']);
$userdata->set('ul_link_5_name', $vbulletin->GPC['ul_link_5_name']);
$userdata->set('ul_link_5_url', $vbulletin->GPC['ul_link_5_url']);

There are 5 link names as well as 5 link url settings. I was seeing xss_clean_url in some vb 4 code. And 2 examples I saw are:

Code:

$url = $vbulletin->input->xss_clean_url($url);
$rss['url'] = vB::$vbulletin->input->xss_clean_url($config['url']);

My question is, do I need to do anything else with the links besides the clean_array_gpc? And if so, where?

I am using these links in a user menu, by the way, if that means anything.

[Disasterpiece]

Normally I just use the mysql_real_escape_string function, because it basically works for any possible case without destroying my data. The vB pendant is somewhere in $vbulletin->db->clean() iirc. Normally you just need that.
If you find other functions doing the same? Maybe. I wouldn't stress too hard with any clean_array_* functions, just prepare the data when you actually need it.
the xss_clean_url could be a special case, where the url gets tested with some regex if it comes from the local site or not.

btw, if you're working with integer vars, best thing is:

PHP Code:

$query = "SELECT * FROM whatever WHERE id = ".(int)$evilvar; 


So instead of pushing integer through expensive filter functions, a simple (int) cast ensures that the var is either 0 or a valid number.