mysql_real_escape_string in arrays

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
m2babaey
Forum Contributor
Posts: 364
Joined: Sun May 20, 2007 9:26 am

mysql_real_escape_string in arrays

Post by m2babaey »

Hi
Because I'm asking whether these functions work, I selected this forum for my post
If I have a large website with lots of form data, I have to use mysql_real_escape_string for each form field.
I saw a code somewhere that seems to do all
For example if I include connect.php at the first line of all my php files, and put this code in connect.php, will that be enough?
What do you think?

Code: Select all

$db = mysql_connect("localhost", "user", "pass") or die("Could not connect.");
if(!$db) 
    die("no db");
if(!mysql_select_db("board",$db))
    die("No database selected.");
if(!get_magic_quotes_gpc())
{
  $_GET = array_map('mysql_real_escape_string', $_GET); 
  $_POST = array_map('mysql_real_escape_string', $_POST); 
  $_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
}
else
{  
   $_GET = array_map('stripslashes', $_GET); 
   $_POST = array_map('stripslashes', $_POST); 
   $_COOKIE = array_map('stripslashes', $_COOKIE);
   $_GET = array_map('mysql_real_escape_string', $_GET); 
   $_POST = array_map('mysql_real_escape_string', $_POST); 
   $_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
}
User avatar
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: mysql_real_escape_string in arrays

Post by jackpf »

You've basically recreated magic quotes...which was an awful feature.

Google magic quotes, and you'll find all the reasons why you shouldn't do stuff like that ;)
Post Reply