...

View Full Version : Using mysql_prep() with an array



MaDmiX
08-08-2012, 06:28 PM
Hi All,

I am trying to use the mysql_prep() function on a form processing script as follows:

$SegmentNotes = mysql_prep($_POST['SegmentNotes[]']);

The data is not being written to my database. If I remove the mysql_prep() function the data writes just fine but since it is a text field, I really need to use the function. If I write as follows:

$SegmentNotes = mysql_prep($_POST['SegmentNotes']);

I get an error that mysql_prep() was expecting a string. Is there a way (or an alternate function) to use mysql_prep() on an array?

Thanks,

Ken

AndrewGSW
08-08-2012, 07:10 PM
mysql_prep is not a standard function. Examples that I've seen take a single string argument and clean this text for inclusion in a sql statement, not an array.

If you have such a function then I suppose you could do:


$CleanNotes = array_map('mysql_prep', $_POST['SegmentNotes']);

MaDmiX
08-08-2012, 08:54 PM
Hi AndrewGSW,

I had forgotton that I got that function from an online PHP course :-)

Here is the code:

function mysql_prep( $value ) {
$magic_quotes_active = get_magic_quotes_gpc();
$new_enough_php = function_exists( "mysql_real_escape_string" ); // i.e. PHP >= v4.3.0
if( $new_enough_php ) { // PHP v4.3.0 or higher
// undo any magic quote effects so mysql_real_escape_string can do the work
if( $magic_quotes_active ) { $value = stripslashes( $value ); }
$value = mysql_real_escape_string( $value );
} else { // before PHP v4.3.0
// if magic quotes aren't already on then add slashes manually
if( !$magic_quotes_active ) { $value = addslashes( $value ); }
// if magic quotes are active, then the slashes already exist
}
return $value;
}

I will see if I can create a function based on your suggestion that will handle arrays. Thanks for your help!

Kind regards,

Ken

AndrewGSW
08-08-2012, 09:02 PM
Why not use 'array_map' which will feed all your POST/SegmentNotes data into the mysql_prep function, returning an array as the result?

MaDmiX
08-09-2012, 04:18 PM
Yes that would be the best approach. That's what you had suggested originally, right? I wasn't sure about using that approach because i though that the mysql_prep() function would still want a string and would bomb when fed the $_POST['SegmentNotes'] array. I will give it a try, though.

AndrewGSW
08-09-2012, 05:35 PM
$CleanNotes = array_map('mysql_prep', $_POST['SegmentNotes']);

Will feed each of the SegmentNotes elements (strings) into the function mysql_prep() one by one, returning all the results into the new array CleanNotes.

MaDmiX
08-11-2012, 12:36 AM
$CleanNotes = array_map('mysql_prep', $_POST['SegmentNotes']);

Will feed each of the SegmentNotes elements (strings) into the function mysql_prep() one by one, returning all the results into the new array CleanNotes.

I haven't been able to work on this project for a while but array_map() is exactly what I need. I'll post back when I have it working. Thanks for your help.

Kind regards,

Ken

MaDmiX
09-12-2012, 04:51 PM
I haven't been able to work on this project for a while but array_map() is exactly what I need. I'll post back when I have it working. Thanks for your help.

Kind regards,

Ken

Just got round to doing this lol. It works fine and I just wanted to say thanks.

Ken



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum