[SOLVED] mysql_real_escape_string on POST

davidz · August 6, 2007

Just wondering if there is an easier way to run mysql_real_escape_string on a large POST. We have a form with 20+ text boxes and I don't want to have to run it on each one individually.

Any suggestions?

Thanks,

David

dbo · August 6, 2007

Always filter first then escape! Yes you could easily write a function to loop through the array and escape each post variable but you need to verify that the data entered follows your rules first. I can't stress this enough.

davidz · August 6, 2007

So for example, checking to make sure that in a box where only numeric values are valid, make sure they only put in numbers?

dbo · August 6, 2007

Exactly. The trick is coming up with a nice framework to do this efficiently. And when you get good you can take it further... server and client side validation... prefilling the form with good data and indicating which fields need modified with a messaging system, etc.

davidz · August 6, 2007

Thanks for the info!!

David

Sign In

[SOLVED] mysql_real_escape_string on POST

Recommended Posts

davidz

Link to comment

Share on other sites

dbo

Link to comment

Share on other sites

davidz

Link to comment

Share on other sites

dbo

Link to comment

Share on other sites

davidz

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information