darkfreaks Posted December 11, 2008 Share Posted December 11, 2008 ok so i have a question i have a clean function that i wanna loop on all post variables so i tried calling it like this <?php //somehow leaking SQL injection function clean($var){ $var=trim(strip_tags(mysql_real_escape_string($var))); $var=htmlspecialchars($var,ENT_QUOTES); return $var; array_walk($_POST,'clean'); // arraying post variables and cleaning which doesnt work or leaks injection ?> Link to comment https://forums.phpfreaks.com/topic/136590-question-about-array_walk/ Share on other sites More sharing options...
flyhoney Posted December 11, 2008 Share Posted December 11, 2008 What is your question? Link to comment https://forums.phpfreaks.com/topic/136590-question-about-array_walk/#findComment-713167 Share on other sites More sharing options...
Brian W Posted December 11, 2008 Share Posted December 11, 2008 cant use mysql_real_escape_string to prevent to leaking of SQL injection? Link to comment https://forums.phpfreaks.com/topic/136590-question-about-array_walk/#findComment-713168 Share on other sites More sharing options...
darkfreaks Posted December 11, 2008 Author Share Posted December 11, 2008 i want to know why it doesn't work i tried looking for obvious errors there are non however it does not stop injection on my site. Link to comment https://forums.phpfreaks.com/topic/136590-question-about-array_walk/#findComment-713169 Share on other sites More sharing options...
trq Posted December 11, 2008 Share Posted December 11, 2008 You need to pass by reference, and theres no need to return $var. function clean(&$var){ $var = trim(strip_tags(mysql_real_escape_string($var))); $var = htmlspecialchars($var,ENT_QUOTES); } Link to comment https://forums.phpfreaks.com/topic/136590-question-about-array_walk/#findComment-713182 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.