MaDmiX
08-08-2012, 06:28 PM
Hi All,
I am trying to use the mysql_prep() function on a form processing script as follows:
$SegmentNotes = mysql_prep($_POST['SegmentNotes[]']);
The data is not being written to my database. If I remove the mysql_prep() function the data writes just fine but since it is a text field, I really need to use the function. If I write as follows:
$SegmentNotes = mysql_prep($_POST['SegmentNotes']);
I get an error that mysql_prep() was expecting a string. Is there a way (or an alternate function) to use mysql_prep() on an array?
Thanks,
Ken
AndrewGSW
08-08-2012, 07:10 PM
mysql_prep is not a standard function. Examples that I've seen take a single string argument and clean this text for inclusion in a sql statement, not an array.
If you have such a function then I suppose you could do:
$CleanNotes = array_map('mysql_prep', $_POST['SegmentNotes']);
MaDmiX
08-08-2012, 08:54 PM
Hi AndrewGSW,
I had forgotton that I got that function from an online PHP course :-)
Here is the code:
function mysql_prep( $value ) {
$magic_quotes_active = get_magic_quotes_gpc();
$new_enough_php = function_exists( "mysql_real_escape_string" ); // i.e. PHP >= v4.3.0
if( $new_enough_php ) { // PHP v4.3.0 or higher
// undo any magic quote effects so mysql_real_escape_string can do the work
if( $magic_quotes_active ) { $value = stripslashes( $value ); }
$value = mysql_real_escape_string( $value );
} else { // before PHP v4.3.0
// if magic quotes aren't already on then add slashes manually
if( !$magic_quotes_active ) { $value = addslashes( $value ); }
// if magic quotes are active, then the slashes already exist
}
return $value;
}
I will see if I can create a function based on your suggestion that will handle arrays. Thanks for your help!
Kind regards,
Ken
AndrewGSW
08-08-2012, 09:02 PM
Why not use 'array_map' which will feed all your POST/SegmentNotes data into the mysql_prep function, returning an array as the result?
MaDmiX
08-09-2012, 04:18 PM
Yes that would be the best approach. That's what you had suggested originally, right? I wasn't sure about using that approach because i though that the mysql_prep() function would still want a string and would bomb when fed the $_POST['SegmentNotes'] array. I will give it a try, though.
AndrewGSW
08-09-2012, 05:35 PM
$CleanNotes = array_map('mysql_prep', $_POST['SegmentNotes']);
Will feed each of the SegmentNotes elements (strings) into the function mysql_prep() one by one, returning all the results into the new array CleanNotes.
MaDmiX
08-11-2012, 12:36 AM
$CleanNotes = array_map('mysql_prep', $_POST['SegmentNotes']);
Will feed each of the SegmentNotes elements (strings) into the function mysql_prep() one by one, returning all the results into the new array CleanNotes.
I haven't been able to work on this project for a while but array_map() is exactly what I need. I'll post back when I have it working. Thanks for your help.
Kind regards,
Ken
MaDmiX
09-12-2012, 04:51 PM
I haven't been able to work on this project for a while but array_map() is exactly what I need. I'll post back when I have it working. Thanks for your help.
Kind regards,
Ken
Just got round to doing this lol. It works fine and I just wanted to say thanks.
Ken
