Add mysql_real_escape_string() to entire GET or POST data in php | Techbirds

Posted on: April 28, 2014 /

Categories: PHP / Author Name: Shivek Parmar

Sometimes we have a large set of data coming through requests. At that time we cannot use mysql_real_escape_string() for each and every data coming from GET or POST methods. mysql_real_escape_string() method is used to stop SQL injection attacks which is very important. Therefore we have another method to do the same on entire data to reduce the lines of code as well as time.

$escapedGet = array_map(‘mysql_real_escape_string’, $_GET);

Sometimes there is also a need to store the REQUEST data into some variable having same name as the name coming from GET or POST method. Example: To extract all variables into the current namespace (i.e. $foo = $_GET[‘foo’]):

Therefore rather than getting each and every data and store it in php variables step by step we can do this by just one line of code

extract($escapedGet); print_r(get_defined_vars());

Always remember to reduce lines of code by using algorithm or some tricks.

That’s all for this post. If you have any questions then don’t forget to ask.

617 total views, 1 views today

Share this On