mysql_real_escape_string() for entire $_REQUEST array, or need to loop through it?

Question

Is there an easier way of safely extracting submitted variables other than the following?

if(isset($_REQUEST[\'kkld\'])) $kkld=mysql_real_escape_string($         


        

Answer 1

You can also use a recursive function like this to accomplish that

function sanitate($array) {
   foreach($array as $key=>$value) {
      if(is_array($value)) { sanitate($value); }
      else { $array[$key] = mysql_real_escape_string($value); }
   }
   return $array;
}
sanitate($_POST);