0

i have a problem. I want to mask via mysql_real_escape_string all $_POST Variables (include $_POST array). The Script mask only $_POST['das'] and no $_POST[template_id] (its empty)

How can i mask $_POST[template_id]?

<?php

$dbcon = mysql_connect('localhost', 'xxx', 'xxx') or 
exit(mysql_error());
mysql_select_db('xxx', $dbcon) or exit(mysql_error());

function your_filter($value) {
$newVal = trim($value);
$newVal = mysql_real_escape_string($newVal);
return $newVal;
}

foreach($_POST as $key => $value) {
$_POST[$key] = your_filter($value);
}

?>


    <form action='' method='post'>
    <input type='checkbox' class='flat' name='template_id[]' value='"2'>A<br>
    <input type='checkbox' class='flat' name='template_id[]' value='3'>B<br>
   <input type='text' class='flat' name='das' value='"test'> b<br>
   <input type='submit'>
   </form>
Em Hi
  • 59
  • 6
  • 1
    [Please stop using mysql_ functions, as they have been removed from PHP](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) – Machavity May 02 '17 at 18:36
  • this is not a duplicate, the other question is only fpr $_POST arrays and no normal $_POST – Em Hi May 02 '17 at 18:43
  • You mean `$_POST[template_id]` is an array, not a normal indexed value? – chris85 May 02 '17 at 18:45
  • yes template_id[] is an array and the other $_POST is not an array – Em Hi May 02 '17 at 18:46
  • mysql_real_escape only functs for the $_POST[das] and not $_POST[template_id] – Em Hi May 02 '17 at 18:50
  • @EmHi Uhm... `$_POST` is always an array... – Machavity May 02 '17 at 19:07
  • this is what i search: $array = $_POST; function myFunc(&$item, $key) { $item = mysql_real_escape_string($item); } array_walk_recursive($array,'myFunc'); var_dump($array); – Em Hi May 02 '17 at 20:01

0 Answers0