  1. #1
    Join Date
    Feb 2008
    Posts
    8

    Unanswered: mysqli_real_escape_string in a foreach loop

    Hello all,

    This is sort of a continuation on another topic. I had a question, and I can't seem to tell if any action is being taken on my data. I have the bit of code below where I run all my form post variables through this foreach loop.

    Is this actually using the mysqli_real_escape_string to clean all my input, or am I missing something here?

    foreach ($Input as $CleanValue){
        // $link is the open mysqli connection (name assumed); the procedural call requires it
        $CleanValue = mysqli_real_escape_string($link, $CleanValue);
    }

    I tried printing the data before and after the process but I don't notice any visible difference when the data prints to my screen.

    Thanks,
    Steven

  2. #2
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    What you are doing is assigning the value from (presumably) an associative array $CleanValue to a new value $Input. You are then changing the value of CleanValue by using mysqli_real_escape_string.

    I don't understand what the purpose of $Input is.

    mysqli_real_escape_string only changes specific characters, so unless they are in the data stream you are not going to see any changes.

    I think you would be better off either explicitly processing each post variable which you think may be suspect and/or will be used in a MySQL db.
    I don't know if you can do this (change a value of one of the post variables), but I think what you want to do is something like
    // $link is the open mysqli connection (name assumed)
    $parameter1 = mysqli_real_escape_string($link, $_POST['<myvariableid1>']);
    $parameter2 = mysqli_real_escape_string($link, $_POST['<myvariableid2>']);
    $parametern = mysqli_real_escape_string($link, $_POST['<myvariableidn>']);
    HTH

  3. #3
    Join Date
    Mar 2007
    Location
    636f6d7075746572
    Posts
    770
    You can do it using a reference in your foreach loop, e.g.

    Code:
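    foreach ($Input as &$CleanValue){
        // $link is the open mysqli connection (name assumed); the procedural call requires it
        $CleanValue = mysqli_real_escape_string($link, $CleanValue);
    }
    unset($CleanValue); // drop the reference so later code cannot write into the array through it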
    This will set $CleanValue as a reference to the internal array variable, thus when you make any change, i.e. = , you will be assigning the value into the array rather than a new separate variable.
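
Added example (not part of any post in this thread): the by-value loop from post #1 and the by-reference loop from post #3 side by side, plus the stale-reference pitfall when `unset()` is omitted. `$escape` is a hypothetical stand-in built on `addslashes()` so the script runs without a database; with a live connection it would wrap `mysqli_real_escape_string($link, $v)`, where `$link` is an assumed connection variable.

```php
<?php
// Stand-in escaper so the example runs offline. It is NOT charset-aware;
// real code: $escape = fn($v) => mysqli_real_escape_string($link, $v);
$escape = fn(string $v): string => addslashes($v);

// Constructed sample form data.
$Input = ['name' => "O'Reilly", 'city' => 'Leeds'];

// 1) By value (post #1): $CleanValue is a copy on each iteration,
//    so the assignment never reaches the array.
$byValue = $Input;
foreach ($byValue as $CleanValue) {
    $CleanValue = $escape($CleanValue);
}
echo "by value:     ", var_export($byValue, true), "\n";

// 2) By reference (post #3): $CleanValue aliases the array element,
//    so the assignment rewrites the element in place.
$byRef = $Input;
foreach ($byRef as &$CleanValue) {
    $CleanValue = $escape($CleanValue);
}
unset($CleanValue); // break the alias to the last element
echo "by reference: ", var_export($byRef, true), "\n";

// 3) Same loop without unset(): $CleanValue still aliases $stale['city'].
//    Reusing the name in a later by-value loop assigns through that alias,
//    so the last element is silently overwritten with the first one.
$stale = $Input;
foreach ($stale as &$CleanValue) {
    $CleanValue = $escape($CleanValue);
}
foreach ($stale as $CleanValue) {
    // no body needed; the loop's own assignment does the damage
}
echo "no unset():   ", var_export($stale, true), "\n";

// Report which arrays actually changed relative to the raw input.
foreach (['byValue' => $byValue, 'byRef' => $byRef, 'stale' => $stale] as $label => $arr) {
    $changed = array_keys(array_diff_assoc($arr, $Input));
    echo $label, " changed keys: ", $changed ? implode(', ', $changed) : '(none)', "\n";
}
```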

  4. #4
    Join Date
    Feb 2008
    Posts
    8
    Quote Originally Posted by aschk
    You can do it using a reference in your foreach loop, e.g.

    Code:
    foreach ($Input as &$CleanValue){
        // $link is the open mysqli connection (name assumed); the procedural call requires it
        $CleanValue = mysqli_real_escape_string($link, $CleanValue);
    }
    This will set $CleanValue as a reference to the internal array variable, thus when you make any change, i.e. = , you will be assigning the value into the array rather than a new separate variable.

    So if I want to clean every element in this array in order to put it into a mysql query this foreach loop would work?

    Thanks for the clarification,
    Steven

  5. #5
    Join Date
    Mar 2007
    Location
    636f6d7075746572
    Posts
    770
    Try it and see ...
