user235621

PHP addslashes using array

I am attempting to update multiple records using one form, but have run into a problem in attempting to use the addslashes function.

The form looks like this:

<form name="form1" method="post" action="editnewscategorysubmit.php">
<table width="405">
<tr>
<td width="246"><span class="link1">News Category </span></td>
<td width="146" colspan="2"><span class="link1">Delete?</span></td>
</tr>
<tr>
<td>
<input type='text' name='title[]' value='$title' style='width:700px;'>
<input type='hidden' name='id[]' value='$id'>
</td>
<td>
<div style='padding-left:8px;'><a onclick='return confirmSubmit()' href='deletenewscategory.php?id=$id'><img src='images/delete.jpg' border='0'></a></div>
</td>
</tr>                               
<tr>
<td><input name="image" type="image" src="images/submit.png" alt="Submit Form" border="0" /></td>
<td colspan="2">&nbsp;</td>
</tr>
</table>
</form>

The PHP code that processes this looks like this:

$identity = $_REQUEST['id'];
$title = addslashes($_REQUEST['title']);
include 'connection.php';
for($i=0;$i<count($identity);$i++)
{
$query = "update newscategory set title = '$title[$i]' where id = '$identity[$i]'";
$result = mysql_query($query) or die(mysql_error());
}
echo "Success. The news categories were updated.";
include 'return.php';

The warning that is returned is:

Warning: addslashes() expects parameter 1 to be string, array given in /home/u180175506/public_html/editnewscategorysubmit.php on line 71

What I am trying to do is to addslashes (or from what I'm reading, using mysql_real_escape_string is preferred!) to each value prior to updating the table. Is there something I'm missing? Thanks!

Upvotes: 1

Views: 20164

Answers (3)

Roman Losev

Reputation: 1941

Function:

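function addslashes_recursive( $data )
{
    if ( is_array( $data ) )
    {
        // Recurse so that nested arrays are handled as well;
        // passing an array straight to addslashes() raises the warning.
        return array_map( 'addslashes_recursive', $data );
    }
    else
    {
        return addslashes( $data );
    }
}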

Single line

$array = array_map( 'addslashes', $array );

Upvotes: 10

PeeHaa

Reputation: 72652

There are multiple ways to run some function over an array. A simple loop:

$stillNotSafeData = array();
foreach ($_REQUEST as $key => $value) {
    if (!is_array($value)) {
        $stillNotSafeData[$key] = addslashes($value);
    } else {
        foreach ($value as $innerKey => $innerValue) {
            $stillNotSafeData[$key][$innerKey] = addslashes($innerValue);
        }
    }
}

Or using array_walk_recursive:

array_walk_recursive($_REQUEST, function(&$item, $key) {
    $item = addslashes($item);
});

But as you already note you should not use addslashes for this. However once you have a valid connection to mysql using the mysql_* functions you can do the same thing using mres.

But you shouldn't do that either. The mysql_* functions have been officially deprecated for some time now (and will be removed in less than a year from the language core).

Besides the fact it will be removed soon there are also some "edge" cases which get around it: SQL injection that gets around mysql_real_escape_string()

Long story short: stop using the mysql_* functions.

What you really want to do is use either mysqli or PDO. These support prepared statements and bound parameters. This post will help you with this: How can I prevent SQL injection in PHP?

Upvotes: 3

AnonymousUser

Reputation: 11

// array_map() returns a new array, so the result has to be assigned
$title = array_map('addslashes', $_REQUEST['title']);

http://php.net/manual/en/function.array-map.php

Of course there are other ways to apply a function to each array element. You can foreach() it, and apply addslashes() to each value, or assign $var to addslashes($title[$i]) in your for loop.

Upvotes: 0
