Using array_map for incoming form data?

[extrovertive]

I noticed some ppl use:

[code=php:0]
$cu_s_number = mysql_real_escape_string($_POST['cu_s_number']);
$cu_s_sample = mysql_real_escape_string($_POST['cu_s_sample']);
$cu_s_wt = mysql_real_escape_string($_POST['cu_s_wt']);
$cu_s_tare = mysql_real_escape_string($_POST['cu_s_tare']);
$cu_s_poste = mysql_real_escape_string($_POST['cu_s_post']);
$cu_s_diff_value = mysql_real_escape_string($_POST['cu_s_diff_value']);
[/code]

However, within a form, if I would like to escape all the data, is this more efficient or is there a problem with this version below?

[code=php:0]

if(isset($_POST['submit']))
{
array_pop($_POST); //remove the submit variable
$_POST = array_map("mysql_real_escape_string", $_POST);

  foreach($_POST as $variable=>$value)
  {
    $$variable = $value;
  }

}

[/code]

[zq29]

I don't see a problem with your second script, but if you are looping through the post array anyway, why not just escape it there? Less typing involved...
[code]<?php
if(isset($_POST['submit'])) {
    array_pop($_POST); //remove the submit variable
    foreach($_POST as $variable=>$value) {
        $$variable = mysql_real_escape_string($value);
    }
}
?>[/code]

[Jenk]

Why remove the submit variable?!

Why remove anything from $_POST in fact?

Also, extracting variables frmo user input is not a wise idea. This is why regsiter_globals is frowned upon.

It is best practice to explicitly use the data you require, $_POST can contain as many fields as the user wishes. You will also have problems if the user submits an array within $_POST if you use that snippet.