Escaping Multiple Post Values for MySQL with PHP

Revision: 23471

at February 8, 2010 11:07 by bradless

Updated Code

foreach($_POST['your_array_here'] as &$val) {
     $val = mysql_real_escape_string($val);
}

// FORM FIELDS EXAMPLE
<input type="text" name="field[p_name]" id="field[p_name]" />
<input type="text" name="field[p_email]" id="field[p_email]" />

// PHP PROCESSING EXAMPLE
function process_form() {
     foreach($_POST['field'] as &$val) {
          $val = mysql_real_escape_string($val);
     }

     extract($_POST['field']);

     $sql = "INSERT INTO my_table (name, email) VALUES ('$p_name', '$p_email')";

     mysql_query($sql) or die ('An error has occurred');
}

Revision: 23470

at February 8, 2010 11:06 by bradless

Initial Code

foreach($_POST['your_array_here'] as &$val) {
     $val = mysql_real_escape_string($val);
}

// FORM FIELDS EXAMPLE
<input type="text" name="field[p_name]" id="field[p_name]" />
<input type="text" name="field[p_email]" id="field[p_email]" />

// PHP PROCESSING EXAMPLE
function process_form() {
     foreach($_POST['field'] as &$val) {
          $val = mysql_real_escape_string($val);
     }

     extract($_POST['field']);

     $sql = "INSERT INTO my_table (name, email) VALUES ('$p_name', '$p_email');

     mysql_query($sql) or die ('An error has occurred');
}

Initial URL

Initial Description

This is useful for escaping multiple values in a POST array.

Initial Title

Escaping Multiple Post Values for MySQL with PHP

Initial Tags

mysql, php, security

Initial Language

PHP

Choose a language for easy browsing: