[SOLVED] Filtering/Encrypting Data while using Foreach

[notepad]

Hi,

 

I am working on a account page for my site, and am stuck with the SQL query.  I use the foreach function so that fields don't get erased with blank info.  But now my problem is sanitizing the information.  Here is my code so far:

 

$qry = 'UPDATE user SET ';

foreach($edituser as $key => $value)
{

if(!empty($value))
{

$qry .= $key . '="' . $value . '", ';

}

}

$qry = substr($sql, 0, -2); //Remove the last space and ,

$qry .= ' WHERE userid=' . $userid;

 

Which works fine, but the posted data is not sanitized.  The only way I can think of sanitizing it is running it all thru a filter like this:

 

$value = preg_replace("/[^A-Za-z0-9]/", "", $value);

 

Which seems simple enough, but I can't do it this way for all fields.  I also can't figure out how to encrypt the new posted password... What would be the simplest way to go about filtering/encrypting data when using the "foreach" function?

 

Thanks!

[corbin]

You could simply addslashes() the data, no?

 

And are you trying to encrypt every field cause that would be easy.... If you're only trying to encrypt the password though, you have no way of knowing which value is which ;p....  Well you could keep up with an incremented variable, but from the look of the foreach, you're receiving a different number of variables some times....

[trq]

You could simply addslashes() the data, no?

 

Or better still, mysql_real_escape_string.

[corbin]

I couldn't remember the name of the function, so I went all lazy with addslashes() ;p.

[notepad]

Hi Thorpe, Corbin. Thanks for the tip, I will be using mysql_escape_real_string.  I also found a very handy function for using it posted by wildteen88 here:

 

http://www.phpfreaks.com/forums/index.php/topic,130495.msg547518.html#msg547518

 

Thanks!