
php form post issue

foreach ($_POST as $key => $value) {
   $_POST[$key] = mysql_real_escape_string($value);
}
foreach ($_GET as $key => $value) {
   $_GET[$key] = mysql_real_escape_string($value);
}

Hi all,

I protect my DB against SQL injection with the above code. But when I define "name" for a checkbox like Checkbox_IDS[ ], the form does not post values. How can I solve this issue?

Thank you for help, already now.


By Checkbox_IDS[] you mean that you encounter array variables. In that case you should use array_walk_recursive, which handles non-flat structures. Look at http://www.php.net/manual/de/security.magicquotes.disabling.php#91653 for some similar examples.

In your case you would do the same but with the appropriate escaping function:

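// Callback for array_walk_recursive: receives each leaf value by reference.
function mysql_real_escape_recursive(&$value)
{
    $value = mysql_real_escape_string($value);
}
// Walks nested arrays such as Checkbox_IDS[] and escapes every leaf value in place.
array_walk_recursive($_POST, "mysql_real_escape_recursive");
array_walk_recursive($_GET, "mysql_real_escape_recursive");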

Note that unilaterally quoting everything as if it were a string might not be suitable in all cases, as you will certainly output some of these variables into an HTML context, where this undifferentiated SQL escaping is a hindrance.
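
The closing note of the answer, as an added example (not code from the answer): leave $_POST untouched, validate the checkbox array, bind its values in a prepared statement, and escape for HTML only at output. The `items` table, the `checkbox_ids()` helper and the sample input are assumptions made for illustration; it uses PDO with in-memory SQLite so that it runs stand-alone.

```php
<?php
// Constructed sample input: what PHP builds from name="Checkbox_IDS[]" checkboxes.
$post = [
    'comment'      => "O'Reilly <b>books</b>",
    'Checkbox_IDS' => ['2', '3', '3 OR 1=1'],
];

// Hypothetical table in an in-memory SQLite database, so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO items (title) VALUES ('first'), ('second'), ('third')");

// Hypothetical helper: accept only a flat array of short digit-only strings.
function checkbox_ids($raw): array
{
    if (!is_array($raw)) {
        return [];
    }
    $ids = [];
    foreach ($raw as $v) {
        if (is_string($v) && preg_match('/^[0-9]{1,9}$/', $v) === 1) {
            $ids[] = (int) $v;
        }
    }
    return array_values(array_unique($ids));
}

// Entries that are not plain digits (such as the third sample value) are dropped.
$ids = checkbox_ids($post['Checkbox_IDS'] ?? []);

$rows = [];
if ($ids !== []) {
    // One bound placeholder per ID; the values never become part of the SQL text.
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt  = $pdo->prepare("SELECT id, title FROM items WHERE id IN ($marks) ORDER BY id");
    $stmt->execute($ids);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// HTML context: escape the untouched original value for HTML, not for SQL.
echo '<p>', htmlspecialchars($post['comment'], ENT_QUOTES, 'UTF-8'), "</p>\n";
foreach ($rows as $r) {
    echo '<li>', (int) $r['id'], ': ', htmlspecialchars($r['title'], ENT_QUOTES, 'UTF-8'), "</li>\n";
}
```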
