devWhiz Posted February 3, 2012 Share Posted February 3, 2012 $_POST['user_name'] = "CLUEL3SS"; $_POST['user_pass'] = "test123"; $_POST['confirm_pass'] = "test123"; $_POST['user_email'] = "user@email.com"; $_POST['confirm_pass'] = 'user@email.com'; function testFunc($inputVars){ foreach($inputVars as $key=>$value){ $escapeData[$key] = mysql_real_escape_string($value); } return $escapeData; } var_dump(testFunc($_POST)); I'm trying to make a user system for my site and I want to make sure its secure enough to void off injection attackers. Any useful advice and and suggestions would be greatly appreciated! Thanks! Quote Link to comment https://forums.phpfreaks.com/topic/256354-how-is-this-to-prevent-mysql-injection/ Share on other sites More sharing options...
Pikachu2000 Posted February 3, 2012 Share Posted February 3, 2012 If you just want to perform the same operation on all elements of an array, you can use array_map. Beyond that, since all those values are strings, and you use mysql_real_escape_string(), you should be fine. Quote Link to comment https://forums.phpfreaks.com/topic/256354-how-is-this-to-prevent-mysql-injection/#findComment-1314254 Share on other sites More sharing options...
devWhiz Posted February 3, 2012 Author Share Posted February 3, 2012 so something like this $_POST['user_name'] = "CLUEL3SS"; $_POST['user_pass'] = "test123"; $_POST['confirm_pass'] = "yes123"; $_POST['user_email'] = "user@email.com"; $_POST['confirm_pass'] = 'user@email.com'; $userData = array_map('mysql_real_escape_string', $_POST); print_r($userData); Quote Link to comment https://forums.phpfreaks.com/topic/256354-how-is-this-to-prevent-mysql-injection/#findComment-1314257 Share on other sites More sharing options...
Pikachu2000 Posted February 4, 2012 Share Posted February 4, 2012 Yes. Remember to establish your connection to the db before using mysql_real_escape_string, too. Quote Link to comment https://forums.phpfreaks.com/topic/256354-how-is-this-to-prevent-mysql-injection/#findComment-1314263 Share on other sites More sharing options...
ignace Posted February 4, 2012 Share Posted February 4, 2012 so something like this $_POST['user_name'] = "CLUEL3SS"; $_POST['user_pass'] = "test123"; $_POST['confirm_pass'] = "yes123"; $_POST['user_email'] = "user@email.com"; $_POST['confirm_pass'] = 'user@email.com'; $userData = array_map('mysql_real_escape_string', $_POST); print_r($userData); This will work if you only have one DB connection. If you work with more than one DB server you should use something like: $userData = array_map(function($value) use (&$db2) { return mysql_real_escape_string($value, $db2); }, $_POST); $db2 being the database connection you want to use. Quote Link to comment https://forums.phpfreaks.com/topic/256354-how-is-this-to-prevent-mysql-injection/#findComment-1314391 Share on other sites More sharing options...
scootstah Posted February 4, 2012 Share Posted February 4, 2012 so something like this $_POST['user_name'] = "CLUEL3SS"; $_POST['user_pass'] = "test123"; $_POST['confirm_pass'] = "yes123"; $_POST['user_email'] = "user@email.com"; $_POST['confirm_pass'] = 'user@email.com'; $userData = array_map('mysql_real_escape_string', $_POST); print_r($userData); This will work if you only have one DB connection. If you work with more than one DB server you should use something like: $userData = array_map(function($value) use (&$db2) { return mysql_real_escape_string($value, $db2); }, $_POST); $db2 being the database connection you want to use. Keep in mind this only works on PHP >= 5.3.0 Quote Link to comment https://forums.phpfreaks.com/topic/256354-how-is-this-to-prevent-mysql-injection/#findComment-1314421 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.