Jump to content

Recommended Posts

I wanted to addslashes to all the $_POST vars

but this code does not work (I think)

$t=count($_POST);
//echo $t;
for($i=0; $i<$t; $i++){
	$_POST[$i]=addslashes($_POST[$i]);
//		echo $i;
}

 

The array before slashes is

Array ( [brand] => 1....... [submit] => update bike )

The array after slashes is

Array ( [brand] => 1 ...... [submit] => update bike [0] => [1] => [2] => [3] => [4] => [5] => [6] => [7] => [8] => [9] => [10] => [11] => [12] => [13] => [14] => [15] => [16] => [17] => [18] => [19] => [20] => [21] => [22] => [23] => [24] => )

 

So can anyone help me how I could do this or is it a bad idea to addslashes() on all the values even the ones that do not need it like numerical values ?

 

Maybe it will work with the foreach function but I could never get the hang of it since it works in general on a copy of the array and not the array itself (I think)

 

kind regards

anatak

Link to comment
https://forums.phpfreaks.com/topic/166313-solved-addslashes-_post/
Share on other sites

first, let's back up...

 

1) You shouldn't alter the $_POST variable. It's a PHP global, and it's bad practice. Instead, you should be putting the values into a new variable.

2) Why do you want to do this? If you are using the values in a DB, you should be using the DB's escape function.

And I am using Mysql db

up till now what I did was put all the $_POST vars in a different var and then addslash the new var

but since I thought that this way was going to save time I was thinking about doing it this way.

 

Anyway thanks for the don't alter the $_POST vars I ll guess I have to do it the old way then

 

Are you talking about a db function or a php function for the mysql db ?

I found this

http://us2.php.net/manual/en/function.mysql-real-escape-string.php

but that is a php function.

 

and what would be the difference between addslashes and “mysql_real_escape_string()” ?

 

kind regards

And I am using Mysql db

up till now what I did was put all the $_POST vars in a different var and then addslash the new var

but since I thought that this way was going to save time I was thinking about doing it this way.

 

Anyway thanks for the don't alter the $_POST vars I ll guess I have to do it the old way then

 

Are you talking about a db function or a php function for the mysql db ?

I found this

http://us2.php.net/manual/en/function.mysql-real-escape-string.php

but that is a php function.

 

and what would be the difference between addslashes and “mysql_real_escape_string()” ?

 

kind regards

 

Yes, you want to use mysql_real_escape_string().  The difference between that and addslashes() is that addslashes() doesn't add slashes (say that three times fast!) to everything that could compromise your db down the line.  It's just a matter of using the right tool for the job.  Since there are db-specific functions in the language itself, that should be taken as a hint that you should use those rather than creating a custom solution.  After all, they're in the language for a reason.

I guess I only have to use the mysql_real_escape_string() on string values

but of course I have to test to see if the numerical fields only contain numbers.

 

time to write some more test scripting

creating a site and scripts 20% time

making the site idiot proof 40$ time

making the site real idiot proof and hardened against malicious individuals 40% time.

 

Thanks

have a nice day/afternoon/evening/night (depending on where you are)

anatak

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.