mysql_real_escape_string and strip_tags protection
Posted: Mon May 21, 2012 8:13 am
I have a FOR EACH loop, which is applied on a check-box, but when I applied protections to protect it against SQL injection and XSS, it gives me errors. Here is the code below:
The check-box name is:
<input type="checkbox" name="delete[]" value="'.$row['img_ID'].'"/>
The errors I'm getting:
Warning: strip_tags() expects parameter 1 to be string
Warning: Invalid argument supplied for foreach()
Notice: Undefined variable: ids
Warning: implode() [function.implode]: Invalid arguments passed
When I remove the protections, the code works perfectly...
Code: Select all
if (isset($_POST['delete'])) {
    $del_img = mysql_real_escape_string(strip_tags($_POST['delete']));
    foreach($del_img as $id => $val)
    {
        $ids[] = $val;
    }
    mysql_query("DELETE FROM photos WHERE img_ID IN (".implode(',',$ids).")");
    echo "Record Deleted.";
}
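
Added example, not part of the original post: `name="delete[]"` makes `$_POST['delete']` an array, while `strip_tags()` and `mysql_real_escape_string()` accept only strings, which is what the warnings report. One way to handle the list is to validate each element as an integer and bind the IDs through a prepared statement; the PDO connection, the in-memory SQLite table standing in for `photos`, and the helper names `clean_ids` and `delete_photos` are assumptions for illustration.

```php
<?php
// Added example, not the poster's code. Assumes PHP 7+ with PDO and pdo_sqlite;
// an in-memory SQLite table stands in for the MySQL `photos` table.

/**
 * Reduce the posted delete[] value to a list of unique positive integer IDs.
 * Anything that is not an array element holding a plain positive integer is dropped.
 */
function clean_ids($posted): array
{
    if (!is_array($posted)) {
        return [];
    }
    $ids = [];
    foreach ($posted as $val) {
        if (!is_scalar($val)) {
            continue; // nested arrays such as delete[][]=9 are ignored
        }
        $id = filter_var($val, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id !== false) {
            $ids[$id] = $id; // keyed by value to remove duplicates
        }
    }
    return array_values($ids);
}

/** Delete the given IDs with one bound placeholder per ID; returns rows removed. */
function delete_photos(PDO $db, array $ids): int
{
    if ($ids === []) {
        return 0; // "IN ()" would be a syntax error
    }
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("DELETE FROM photos WHERE img_ID IN ($placeholders)");
    $stmt->execute($ids);
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE photos (img_ID INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO photos (img_ID, title) VALUES (1,'a'),(2,'b'),(3,'c'),(4,'d')");

// Constructed stand-in for $_POST['delete'], including values that must be rejected.
$posted = ['2', '4', '4', '3 OR 1=1', '<b>1</b>', ['9'], '-5'];

$ids = clean_ids($posted);
$deleted = delete_photos($db, $ids);
echo 'IDs kept: ' . implode(',', $ids) . PHP_EOL;
echo htmlspecialchars("Records deleted: $deleted", ENT_QUOTES, 'UTF-8') . PHP_EOL;
```

Integer validation plus bound parameters covers the SQL side; `strip_tags()` has no role in building a query, and output shown in HTML is escaped at the point of output with `htmlspecialchars()`.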