devWhiz Posted February 3, 2012 Share Posted February 3, 2012 $_POST['user_name'] = "CLUEL3SS"; $_POST['user_pass'] = "test123"; $_POST['confirm_pass'] = "test123"; $_POST['user_email'] = "[email protected]"; $_POST['confirm_pass'] = '[email protected]'; function testFunc($inputVars){ foreach($inputVars as $key=>$value){ $escapeData[$key] = mysql_real_escape_string($value); } return $escapeData; } var_dump(testFunc($_POST)); I'm trying to make a user system for my site and I want to make sure its secure enough to void off injection attackers. Any useful advice and and suggestions would be greatly appreciated! Thanks! Link to comment https://forums.phpfreaks.com/topic/256354-how-is-this-to-prevent-mysql-injection/ Share on other sites More sharing options...
Pikachu2000 Posted February 3, 2012 Share Posted February 3, 2012 If you just want to perform the same operation on all elements of an array, you can use array_map. Beyond that, since all those values are strings, and you use mysql_real_escape_string(), you should be fine. Link to comment https://forums.phpfreaks.com/topic/256354-how-is-this-to-prevent-mysql-injection/#findComment-1314254 Share on other sites More sharing options...
devWhiz Posted February 3, 2012 Author Share Posted February 3, 2012 so something like this $_POST['user_name'] = "CLUEL3SS"; $_POST['user_pass'] = "test123"; $_POST['confirm_pass'] = "yes123"; $_POST['user_email'] = "[email protected]"; $_POST['confirm_pass'] = '[email protected]'; $userData = array_map('mysql_real_escape_string', $_POST); print_r($userData); Link to comment https://forums.phpfreaks.com/topic/256354-how-is-this-to-prevent-mysql-injection/#findComment-1314257 Share on other sites More sharing options...
Pikachu2000 Posted February 4, 2012 Share Posted February 4, 2012 Yes. Remember to establish your connection to the db before using mysql_real_escape_string, too. Link to comment https://forums.phpfreaks.com/topic/256354-how-is-this-to-prevent-mysql-injection/#findComment-1314263 Share on other sites More sharing options...
ignace Posted February 4, 2012 Share Posted February 4, 2012 so something like this $_POST['user_name'] = "CLUEL3SS"; $_POST['user_pass'] = "test123"; $_POST['confirm_pass'] = "yes123"; $_POST['user_email'] = "[email protected]"; $_POST['confirm_pass'] = '[email protected]'; $userData = array_map('mysql_real_escape_string', $_POST); print_r($userData); This will work if you only have one DB connection. If you work with more than one DB server you should use something like: $userData = array_map(function($value) use (&$db2) { return mysql_real_escape_string($value, $db2); }, $_POST); $db2 being the database connection you want to use. Link to comment https://forums.phpfreaks.com/topic/256354-how-is-this-to-prevent-mysql-injection/#findComment-1314391 Share on other sites More sharing options...
scootstah Posted February 4, 2012 Share Posted February 4, 2012 so something like this $_POST['user_name'] = "CLUEL3SS"; $_POST['user_pass'] = "test123"; $_POST['confirm_pass'] = "yes123"; $_POST['user_email'] = "[email protected]"; $_POST['confirm_pass'] = '[email protected]'; $userData = array_map('mysql_real_escape_string', $_POST); print_r($userData); This will work if you only have one DB connection. If you work with more than one DB server you should use something like: $userData = array_map(function($value) use (&$db2) { return mysql_real_escape_string($value, $db2); }, $_POST); $db2 being the database connection you want to use. Keep in mind this only works on PHP >= 5.3.0 Link to comment https://forums.phpfreaks.com/topic/256354-how-is-this-to-prevent-mysql-injection/#findComment-1314421 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.