davidz Posted August 6, 2007 Share Posted August 6, 2007 Just wondering if there is an easier way to run mysql_real_escape_string on a large POST. We have a form with 20+ text boxes and I don't want to have to run it on each one individually. Any suggestions? Thanks, David Link to comment https://forums.phpfreaks.com/topic/63623-solved-mysql_real_escape_string-on-post/ Share on other sites More sharing options...
dbo Posted August 6, 2007 Share Posted August 6, 2007 Always filter first then escape! Yes you could easily write a function to loop through the array and escape each post variable but you need to verify that the data entered follows your rules first. I can't stress this enough. Link to comment https://forums.phpfreaks.com/topic/63623-solved-mysql_real_escape_string-on-post/#findComment-317016 Share on other sites More sharing options...
davidz Posted August 6, 2007 Author Share Posted August 6, 2007 So for example, checking to make sure that in a box where only numeric values are valid, make sure they only put in numbers? Link to comment https://forums.phpfreaks.com/topic/63623-solved-mysql_real_escape_string-on-post/#findComment-317023 Share on other sites More sharing options...
dbo Posted August 6, 2007 Share Posted August 6, 2007 Exactly. The trick is coming up with a nice framework to do this efficiently. And when you get good you can take it further... server and client side validation... prefilling the form with good data and indicating which fields need modified with a messaging system, etc. Link to comment https://forums.phpfreaks.com/topic/63623-solved-mysql_real_escape_string-on-post/#findComment-317040 Share on other sites More sharing options...
davidz Posted August 6, 2007 Author Share Posted August 6, 2007 Thanks for the info!! David Link to comment https://forums.phpfreaks.com/topic/63623-solved-mysql_real_escape_string-on-post/#findComment-317052 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.