tqla Posted September 8, 2008 Share Posted September 8, 2008 I want to clean data in a form. Is this correct? Thanks. foreach($_POST as $field => $value) { $fields[]=$field; $value = strip_tags(trim($value)); $values[] = mysql_real_escape_string($connection,$value); $$field = $value; } Link to comment https://forums.phpfreaks.com/topic/123345-solved-is-this-the-correct-way-to-clean-data/ Share on other sites More sharing options...
tqla Posted September 8, 2008 Author Share Posted September 8, 2008 I ask because although it does clean the data, I do get this error at the $values[] = mysql_real_escape_string($connection,$value); line. Warning: mysql_real_escape_string() expects parameter 1 to be string Also, why the two $$ before field? Link to comment https://forums.phpfreaks.com/topic/123345-solved-is-this-the-correct-way-to-clean-data/#findComment-637063 Share on other sites More sharing options...
DarkWater Posted September 9, 2008 Share Posted September 9, 2008 1) It's supposed to be mysql_real_escape_string($value, $connection). 2) Variable variables are generally stupid (not always, I use them from time to time, RARELY). Take that out. Just do: <?php foreach($_POST as $field => $value) { $value = strip_tags(trim($value)); //you can remove strip_tags() and put htmlentities() in its place if you want $_POST[$field] = mysql_real_escape_string($value, $connection); } Link to comment https://forums.phpfreaks.com/topic/123345-solved-is-this-the-correct-way-to-clean-data/#findComment-637069 Share on other sites More sharing options...
tqla Posted September 9, 2008 Author Share Posted September 9, 2008 Thank you (again) DarkWater. Do you suggest htmlentities over strip_tags? Link to comment https://forums.phpfreaks.com/topic/123345-solved-is-this-the-correct-way-to-clean-data/#findComment-637071 Share on other sites More sharing options...
DarkWater Posted September 9, 2008 Share Posted September 9, 2008 Thank you (again) DarkWater. Do you suggest htmlentities over strip_tags? Yes, I do, in most cases. strip_tags() is USUALLY overkill, and htmlentities() or htmlspecialchars() do the job. Link to comment https://forums.phpfreaks.com/topic/123345-solved-is-this-the-correct-way-to-clean-data/#findComment-637073 Share on other sites More sharing options...
tqla Posted September 9, 2008 Author Share Posted September 9, 2008 Understood. Thank you! Link to comment https://forums.phpfreaks.com/topic/123345-solved-is-this-the-correct-way-to-clean-data/#findComment-637079 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.