Jay Ess wrote:
> hessiess@xxxxxxxxxxxx wrote:
>> I have some code which will loop over the whole $_POST array, runs it
>> through mysql_real_escape_string and then writes it all back to the array
>> again, which seams to work. Are there any incompatibility problems or
>> such
>> like with writing into the $_POST or $_GET array?
>>
>> function clean_post()
>> {
>> $npost = array();
>>
>> while ($value = current($_POST))
>> {
>> $key = key($_POST);
>> $npost += array("$key" => mysql_real_escape_string($value));
>> next($_POST);
>> }
>>
>> $_POST = $npost;
>> }
>>
>>
>>
>
> There could be problems when introducing slashes if you use other
> peoples codes. But if this is for your own code it probably wont matter.
>
> And here is a shorter version of your code :
> foreach($_POST as $key=>$val)
> $_POST[$key] = mysql_real_escape_string($val);
>
But, first, you need to use get_magic_quotes_gpc() to see if magic_quotes_gpc is
turned on. If so, you need to run stripslashes() on your variables before you
run the mysql_real_escape_string() on them.
if ( get_magic_quotes_gpc() ) {
$_POST = array_map('stripslashes', $_POST);
}
$_POST = array_map('mysql_real_escape_string', $_POST);
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
