mysql_real_escape_string() for entire $_REQUEST array, or need to loop through it?

没有蜡笔的小新 2020-12-13 22:50

Is there an easier way of safely extracting submitted variables other than the following?

if(isset($_REQUEST['kkld'])) $kkld=mysql_real_escape_string($


        
6 answers
  •  长情又很酷
    2020-12-13 23:39

    As far as I'm concerned Starx' and Ryan's answer from Nov 19 '10 is the best solution here as I just needed this, too.

    When you have multiple input fields with one name (e.g. names[]), meaning they will be saved into an array within the $_POST-array, you have to use a recursive function, as mysql_real_escape_string does not work for arrays.

    So this is the only solution to escape such a $_POST variable.

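    // Recursively escape every string in a (possibly nested) input array.
    // Needs an open mysql_* connection; returns the escaped copy.
    function sanitate($array) {
        foreach($array as $key=>$value) {
            if(is_array($value)) { $array[$key] = sanitate($value); }  // keep the escaped sub-array
            else { $array[$key] = mysql_real_escape_string($value); }
        }
        return $array;
    }
    $_POST = sanitate($_POST);  // the function works on a copy, so assign the result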
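
An alternative to escaping every value, added here as an example and not taken from any answer in the thread: bind the submitted values as query parameters, including a nested names[] array, so no per-field escaping is needed. The mysql_* functions were removed in PHP 7.0. PDO with an in-memory SQLite database, the users table, the helper names and the sample input are assumptions made so the code runs offline.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension;
// table, helper names and input values are constructed for illustration.
declare(strict_types=1);

/** Flatten a possibly nested request value (e.g. names[]) into a list of strings. */
function flatten_input($value): array
{
    if (!is_array($value)) {
        return is_scalar($value) ? [(string) $value] : [];
    }
    $out = [];
    array_walk_recursive($value, function ($leaf) use (&$out) {
        if (is_scalar($leaf)) {
            $out[] = (string) $leaf;
        }
    });
    return $out;
}

/** Look up users by name with one bound placeholder per submitted value. */
function find_users(PDO $db, $names): array
{
    $values = flatten_input($names);
    if ($values === []) {
        return [];               // avoid generating "IN ()", which is invalid SQL
    }
    // Only "?" characters are interpolated into the SQL text.
    $marks = implode(',', array_fill(0, count($values), '?'));
    $stmt  = $db->prepare("SELECT name FROM users WHERE name IN ($marks) ORDER BY name");
    $stmt->execute($values);     // values travel as data, never as SQL text
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (name TEXT)");
$db->exec("INSERT INTO users VALUES ('alice'), ('bob'), ('o''brien')");

// Constructed sample input standing in for $_POST with a nested names[] field.
$post = ['names' => ['alice', ["o'brien", "x' OR '1'='1"]], 'kkld' => 'bob'];

print_r(find_users($db, $post['names']));
print_r(find_users($db, $post['kkld']));
```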
    
