
[SOLVED] Is this the correct way to clean data?


tqla


I want to clean data in a form. Is this correct? Thanks.

 

     
foreach($_POST as $field => $value)
{
    $fields[] = $field;
    $value = strip_tags(trim($value));
    $values[] = mysql_real_escape_string($connection,$value);
    $$field = $value;
}

I ask because although it does clean the data, I do get this error at the $values[] = mysql_real_escape_string($connection,$value); line.

 

Warning: mysql_real_escape_string() expects parameter 1 to be string

 

 

Also, why the two $$ before field?

 

 

1) It's supposed to be mysql_real_escape_string($value, $connection).

 

2) Variable variables are generally stupid (not always, I use them from time to time, RARELY).  Take that out.  Just do:

 

<?php
foreach($_POST as $field => $value)
{
    $value = strip_tags(trim($value)); //you can remove strip_tags() and put htmlentities() in its place if you want
    $_POST[$field] = mysql_real_escape_string($value, $connection);
}
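
An added example, not part of the thread or either poster's code: the same form handling done with an allowlist of expected fields and a PDO prepared statement, in place of mysql_real_escape_string() and $$field. The members table, the field names and the sample input are constructed, and the in-memory SQLite database (pdo_sqlite extension) is assumed only so the script runs offline.

```php
<?php
// Added example, not from the thread. Table and field names are hypothetical.
// Assumes the pdo_sqlite extension; an in-memory database keeps it offline.

// Constructed sample input standing in for $_POST. The extra "connection"
// key shows why `$$field = $value` is risky: it would overwrite $connection.
$post = [
    'name'       => "  O'Brien <b>x</b> ",
    'email'      => 'ob@example.test',
    'connection' => 'unexpected value',
];

$connection = new PDO('sqlite::memory:');
$connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$connection->exec('CREATE TABLE members (name TEXT, email TEXT)');

// Only fields on this allowlist are read; unknown keys are ignored
// instead of being turned into variables or column names.
$allowed = ['name', 'email'];

function collect_fields(array $input, array $allowed): array
{
    $clean = [];
    foreach ($allowed as $field) {
        $value = $input[$field] ?? '';
        // Arrays (e.g. name[]=x) are rejected rather than passed to trim().
        if (!is_string($value)) {
            throw new InvalidArgumentException("Unexpected type for $field");
        }
        $clean[$field] = trim($value);
    }
    return $clean;
}

$data = collect_fields($post, $allowed);

// Placeholders keep the values out of the SQL text, so no escaping is needed.
$stmt = $connection->prepare('INSERT INTO members (name, email) VALUES (:name, :email)');
$stmt->execute([':name' => $data['name'], ':email' => $data['email']]);

// HTML encoding happens at output time, not before storage.
foreach ($connection->query('SELECT name, email FROM members') as $row) {
    echo htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), ' / ',
         htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```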
