notepad Posted May 3, 2007 Share Posted May 3, 2007 Hi, I am working on a account page for my site, and am stuck with the SQL query. I use the foreach function so that fields don't get erased with blank info. But now my problem is sanitizing the information. Here is my code so far: $qry = 'UPDATE user SET '; foreach($edituser as $key => $value) { if(!empty($value)) { $qry .= $key . '="' . $value . '", '; } } $qry = substr($sql, 0, -2); //Remove the last space and , $qry .= ' WHERE userid=' . $userid; Which works fine, but the posted data is not sanitized. The only way I can think of sanitizing it is running it all thru a filter like this: $value = preg_replace("/[^A-Za-z0-9]/", "", $value); Which seems simple enough, but I can't do it this way for all fields. I also can't figure out how to encrypt the new posted password... What would be the simplest way to go about filtering/encrypting data when using the "foreach" function? Thanks! Quote Link to comment https://forums.phpfreaks.com/topic/49752-solved-filteringencrypting-data-while-using-foreach/ Share on other sites More sharing options...
corbin Posted May 3, 2007 Share Posted May 3, 2007 You could simply addslashes() the data, no? And are you trying to encrypt every field cause that would be easy.... If you're only trying to encrypt the password though, you have no way of knowing which value is which ;p.... Well you could keep up with an incremented variable, but from the look of the foreach, you're receiving a different number of variables some times.... Quote Link to comment https://forums.phpfreaks.com/topic/49752-solved-filteringencrypting-data-while-using-foreach/#findComment-244036 Share on other sites More sharing options...
trq Posted May 3, 2007 Share Posted May 3, 2007 You could simply addslashes() the data, no? Or better still, mysql_real_escape_string. Quote Link to comment https://forums.phpfreaks.com/topic/49752-solved-filteringencrypting-data-while-using-foreach/#findComment-244042 Share on other sites More sharing options...
corbin Posted May 3, 2007 Share Posted May 3, 2007 I couldn't remember the name of the function, so I went all lazy with addslashes() ;p. Quote Link to comment https://forums.phpfreaks.com/topic/49752-solved-filteringencrypting-data-while-using-foreach/#findComment-244046 Share on other sites More sharing options...
notepad Posted May 4, 2007 Author Share Posted May 4, 2007 Hi Thorpe, Corbin. Thanks for the tip, I will be using mysql_escape_real_string. I also found a very handy function for using it posted by wildteen88 here: http://www.phpfreaks.com/forums/index.php/topic,130495.msg547518.html#msg547518 Thanks! Quote Link to comment https://forums.phpfreaks.com/topic/49752-solved-filteringencrypting-data-while-using-foreach/#findComment-245001 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.