Array_Map on $_POST variables from a multiple select list

Question

I am trying to run an array_map (two, technically) on all values received from a $_POST variable, from a multiple select list.

Here's the code:

$culture = array_map('mysql_real_escape_string', array_map('html2txt', $_POST['culture[]']));

Should this work?

Don't use `mysql_real_escape_string` to escape database values. It is not a secure solution. Instead, use parameterized queries. See my answer to this other question: http://stackoverflow.com/questions/8165500/efficiently-sanitize-user-entered-text/8169705#8169705 — Polynomial, Nov 23 '11 at 15:48

score 1 · Accepted Answer · answered Nov 23 '11 at 15:48

1

That code looks perfectly fine to me. That's the way to do consecutive array_map's.

answered Nov 23 '11 at 15:48

Dogbert

Addendum: That looks fine to me, *except the glaring security issues*. – Polynomial Nov 23 '11 at 16:04

1 Answers1