where should i put the mysqli_real_escape_string

Question

i have code like this but when i click submit its give me error mysqli_real_escape_string() expects parameter 2 to be string, array given where should i do or put the mysqli_real_escape_string ?

if(!empty($_POST['poscon'])) {
        foreach($_POST['poscon'] as $condition) 
            $condition=mysqli_real_escape_string($link,$_POST['poscon']);

read this documentation of mysqli_real_escape_string: http://php.net/manual/en/mysqli.real-escape-string.php — aldrin27, Aug 11 '15 at 03:26
you probably can't do this `foreach($_POST['poscon'] as $condition)` - if so, then you're using the wrong variable. do `$condition=mysqli_real_escape_string($link,$condtion);` - see your `as $condition` ? — Funk Forty Niner, Aug 11 '15 at 03:27
that should be mysqli_real_escape_string($link,$condition); because $_POST['poscon'] is an array. — Faytraneozter, Aug 11 '15 at 03:28
can you please show us the data of $_POST['poscon']. in your question — Oli Soproni B., Aug 11 '15 at 03:30
I'm hesitant to post that as answer, as it may lead to a long haul. Too many unknowns. But if it has, let me know. — Funk Forty Niner, Aug 11 '15 at 03:30
I also see this as being related to your other question http://stackoverflow.com/q/31925707/ — Funk Forty Niner, Aug 11 '15 at 03:33
@Dagon I just don't want to be taken for a long haul neither. If the OP says "go", I'll go. — Funk Forty Niner, Aug 11 '15 at 03:35
15 mins into my code suggestion and nothing from the OP. That moment of silence says "Don't do it Fred". Yo, if you're going to want some help, you need to talk to us here. — Funk Forty Niner, Aug 11 '15 at 03:39
made a typo in condition `$condition=mysqli_real_escape_string($link,$condition);` - talk to me here. — Funk Forty Niner, Aug 11 '15 at 03:44

score 0 · Accepted Answer · answered Aug 11 '15 at 03:45

0

Seeing you're not responding to comments, I'm posting this as an answer.
- Maybe you'll respond then.

You see your foreach($_POST['poscon'] as $condition)?

You're using the wrong parameter and passing the array instead of the $condition variable.

Do $condition=mysqli_real_escape_string($link,$condition);

answered Aug 11 '15 at 03:45

Funk Forty Niner

74,450
15
68
141

Please give me example before `mysqli_real_escape_string` and after the string which gets generated. As it casuse confusion and no example is given. – Pratik Joshi Dec 12 '15 at 14:08
@PratikCJoshi Given that the OP did not supply anything else in their question, I won't be able to provide you with that information, other than visiting the PHP.net's website on the function http://php.net/manual/en/mysqli.real-escape-string.php and tutorials site. – Funk Forty Niner Dec 12 '15 at 14:28
Hi Fred, there is NO input and output after using the function. And I checked Lots of answers here but nothing gave me output after applying function. Maybe you can supply us answer! – Pratik Joshi Dec 12 '15 at 14:32
@PratikCJoshi you need to post a question about this. Stack doesn't approve about responding to questions for someone else. Sorry, but that's how Stack works. – Funk Forty Niner Dec 12 '15 at 14:34

score 0 · Answer 2 · edited May 23 '17 at 10:27

When ever you taking user inputs from the view you should check.

mysqli_real_escape_string Definition

This function is used to create a legal SQL string that you can use in an SQL statement. The given string is encoded to an escaped SQL string, taking into account the current character set of the connection.

mysqli_real_escape_string Manual

Normal text

Early `$name = $_POST['name'];`        
New Practice `$name = mysqli_real_escape_string($_POST['name'])`

URL

Early `$url = $_POST['url'];`        
New Practice `FILTER_VALIDATE_URL` [Check Example](http://www.w3schools.com/php/filter_validate_url.asp)

E-Mail

Early `$email = $_POST['email'];`        
New Practice `FILTER_VALIDATE_EMAIL` [Check Example](http://www.w3schools.com/php/filter_validate_email.asp)

where should i put the mysqli_real_escape_string

2 Answers2