[SOLVED] Is this the correct way to clean data?

[tqla]

I want to clean data in a form. Is this correct? Thanks.

 

     
foreach($_POST as $field => $value)              
     {
$fields[]=$field;
        $value = strip_tags(trim($value));
        $values[] = mysql_real_escape_string($connection,$value);
        $$field = $value;                 
     }

[tqla]

I ask because although it does clean the data, I do get this error at the $values[] = mysql_real_escape_string($connection,$value); line.

 

Warning: mysql_real_escape_string() expects parameter 1 to be string

 

 

Also, why the two $$ before field?

 

 

[DarkWater]

1) It's supposed to be mysql_real_escape_string($value, $connection).

 

2) Variable variables are generally stupid (not always, I use them from time to time, RARELY).  Take that out.  Just do:

 

<?php
foreach($_POST as $field => $value)              
     {
        $value = strip_tags(trim($value)); //you can remove strip_tags() and put htmlentities() in its place if you want
        $_POST[$field] = mysql_real_escape_string($value, $connection);
             
     }

[tqla]

Thank you (again) DarkWater.

 

Do you suggest htmlentities over strip_tags?

[DarkWater]

Thank you (again) DarkWater.

 

Do you suggest htmlentities over strip_tags?

 

Yes, I do, in most cases.  strip_tags() is USUALLY overkill, and htmlentities() or htmlspecialchars() do the job.

[tqla]

Understood. Thank you!