mysql_real_escape_string in arrays
Posted: Wed Oct 07, 2009 10:22 am
Hi
Because I'm asking whether these functions work, I selected this forum for my post
If I have a large website with lots of form data, I have to use mysql_real_escape_string for each form field.
I saw a code somewhere that seems to do all
For example if I include connect.php at the first line of all my php files, and put this code in connect.php, will that be enough?
What do you think?
Because I'm asking whether these functions work, I selected this forum for my post
If I have a large website with lots of form data, I have to use mysql_real_escape_string for each form field.
I saw a code somewhere that seems to do all
For example if I include connect.php at the first line of all my php files, and put this code in connect.php, will that be enough?
What do you think?
Code: Select all
$db = mysql_connect("localhost", "user", "pass") or die("Could not connect.");
if(!$db)
die("no db");
if(!mysql_select_db("board",$db))
die("No database selected.");
if(!get_magic_quotes_gpc())
{
$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
}
else
{
$_GET = array_map('stripslashes', $_GET);
$_POST = array_map('stripslashes', $_POST);
$_COOKIE = array_map('stripslashes', $_COOKIE);
$_GET = array_map('mysql_real_escape_string', $_GET);
$_POST = array_map('mysql_real_escape_string', $_POST);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
}