Skip to content
Advertisement

Sanitizing form data in PHP

Is it possible to sanitize all input sent by one method in PHP by simply doing

$var = mysql_real_escape_string($_POST);

and then access elements of $var as I would have of $_POST ?

Advertisement

Answer

I don’t think you can call mysql_real_escape_string on an array.

But this would work

$cleanData = array_map('mysql_real_escape_string', $_POST);

array_map works by calling the function named in quotes on every element of the array passed to it and returns a new array as the result.

Like superUntitled, I prefer to have a custom function that uses the built-in sanitizing functions as appropriate. But you could still use a custom function with array_map to achieve the same result.

User contributions licensed under: CC BY-SA
4 People found this is helpful
Advertisement