[SOLVED] function not working...

darkfreaks · December 11, 2008

any takers ???

<?php
if(get_magic_quotes_gpc())
{
//clean XSS/SQL injection
function clean_post($var) {

$var=strip_tags(trim(mysqli_real_escape_string($var)));
$var=htmlspecialchars($var,ENT_QUOTES);
return $var;
}

array_walk_recursive($_POST,'clean_post');
} 
?>

mrdamien · December 11, 2008

<?php
if(get_magic_quotes_gpc())
{
//clean XSS/SQL injection
function clean_post(&$var) {

$var=strip_tags(trim(mysqli_real_escape_string($var)));
$var=htmlspecialchars($var,ENT_QUOTES);
}

array_walk_recursive($_POST,'clean_post');
} 
?>

Also, make sure get_magic_quotes_gpc() is not returning false.

PFMaBiSmAd · December 11, 2008

It would probably be worth your time to read the php manual section for the mysqli_real_escape_string() function - http://us.php.net/manual/en/mysqli.real-escape-string.php

The procedural style usage requires the link identifier as the first parameter. The second parameter is the string. If you were developing php code and debugging php code on a system with error_reporting set to E_ALL and display_errors set to ON, there would have been an error reporting concerning the incorrect parameters that would have probably allowed you to solve at least that part of the problem yourself.

darkfreaks · December 11, 2008

Modified with mysql instead of mysqli:

<?php

//clean XSS/SQL injection
function clean_post($var) {

$var=strip_tags(trim(mysql_real_escape_string($var)));
$var=htmlspecialchars($var,ENT_QUOTES);
return $var;
}

array_walk_recursive($_POST,'clean_post');

?>

Sign In

[SOLVED] function not working...

Recommended Posts

darkfreaks

Link to comment

Share on other sites

mrdamien

Link to comment

Share on other sites

PFMaBiSmAd

Link to comment

Share on other sites

darkfreaks

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information