
PHP array_map() and mysqli_real_escape_string()

I want to clean all the data before it is sent to the database (in each database connection)

if(!get_magic_quotes_gpc()) {
    $_GET = array_map('mysqli_real_escape_string', $_GET);
    $_POST = array_map('mysqli_real_escape_string', $_POST);
    $_COOKIE = array_map('mysqli_real_escape_string', $_COOKIE);
}

The code above gives me the error below

mysqli_real_escape_string() expects exactly 2 parameters, 1 given

Does anyone know a better way of achieving this?

You are getting the error because you are using mysqli_real_escape_string instead of mysqli_real_escape_string($connection, $_POST['data']); it requires two parameters. mysqli_real_escape_string() is OK to use, but if you want to be safe from SQL injection you should use a PDO prepared statement. See the insert query below.

$prov_id = $_POST['prov_id'];
$practice_name = $_POST['practice_name']; // assumes the form field is named practice_name

// Database connection
$connection = new PDO("mysql:host=xxxx;dbname=xxxx;", "xxxx", "xxxx");
$statement = $connection->prepare('INSERT INTO practices(prov_id,practice_name) VALUES (:prov_id,:practice_name)');

// Bind the request values to the named placeholders
$statement->bindParam(':prov_id', $prov_id);
$statement->bindParam(':practice_name', $practice_name);
// etc.

$statement->execute();
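
An added example (not part of the original question or answer) showing why the answer recommends prepared statements over escaping every request value up front. It assumes the pdo_sqlite extension and uses an in-memory SQLite database with constructed rows in place of MySQL; `escape_stand_in` and `blanket_escape` are hypothetical helpers, the former standing in for mysqli_real_escape_string.

```php
<?php
// Added example: in-memory SQLite via PDO so it runs without a database server.
// Table and column names follow the answer above; the rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE practices (prov_id INTEGER, practice_name TEXT)');
$db->exec("INSERT INTO practices VALUES (1, 'Alpha Clinic'), (2, 'Beta Clinic')");

// Assumption: stand-in for mysqli_real_escape_string($connection, $value).
// It only rewrites quote characters; the sample input below contains none.
function escape_stand_in(string $value): string
{
    return str_replace("'", "''", $value);
}

// Blanket escaping written with a closure, so the callback receives every
// argument it needs; nested arrays (field[]=...) are handled recursively.
function blanket_escape(array $input): array
{
    return array_map(
        fn($v) => is_array($v) ? blanket_escape($v) : escape_stand_in((string) $v),
        $input
    );
}

// Constructed request data: no quote characters, so escaping is a no-op.
$request = blanket_escape(['prov_id' => '1 OR 1=1']);

// 1) Escaped value concatenated into a numeric context: the text becomes SQL.
$concat = $db->query('SELECT practice_name FROM practices WHERE prov_id = ' . $request['prov_id'])
             ->fetchAll(PDO::FETCH_COLUMN);

// 2) Same value bound as a parameter: it is compared as data, never parsed as SQL.
$stmt = $db->prepare('SELECT practice_name FROM practices WHERE prov_id = :prov_id');
$stmt->execute([':prov_id' => $request['prov_id']]);
$bound = $stmt->fetchAll(PDO::FETCH_COLUMN);

printf("concatenated: %d row(s)\n", count($concat));
printf("bound:        %d row(s)\n", count($bound));
```

The concatenated query returns every row in the table, while the bound query matches none, because escaping only protects values that end up inside a quoted string literal.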

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.

 