stackoom
  简体   繁体   中英

How to use mysql_real_escape_string for an array?

 原文  2012-02-29 06:05:57       php/ mysql/ sql/ arrays/ sql-injection

Question

I want to INSERT a set of data submitted by $_POST (in form of array) as 

foreach($_POST['data'] as $single) {
$set[]="('static', '$single')";
}
$sets=implode(", ", $set);
mysql_query("INSERT INTO table (Static, Data) VALUES $sets");

Where is the best place to use use mysql_real_escape_string to avoid SQL injection, as the data are submitted by users.

2 answers

solution1
 8 ACCPTED  2012-02-29 06:08:34

在去你的第一个foreach之前。 

$_POST['data'] = array_map("mysql_real_escape_string", $_POST['data']);

solution2
 -1  2012-02-29 06:13:29

Try with this: 

foreach($_POST['data'] as $single)
{
    $set[]="('static', mysql_real_escape_string($single))";
}
$sets = implode(", ", $set);
mysql_query("INSERT INTO `table` (`Static`, `Data`) VALUES ".$sets."");

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question When to use mysql_real_escape_string() How to use mysql_real_escape_string function in PHP How to mysql_real_escape_string a zero how mysql_real_escape_string work How to decode mysql_real_escape_string mysql_real_escape_string and ’ Is it necessary to use mysql_real_escape_string() for image into mysql? mysql_real_escape_string does not escape " Using mysql_real_escape_string in a multidimensional array in php Is it safe to use mysql_real_escape_string() for user inputs
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM