AAA
Reputation: 3168
How to add mysql_real_escape_string to this code?
I am unsure as to how to add escape string to the $_POST['scan'] I used
$var = mysql_real_escape_string($_POST['scan']);
And then swapped it with the $_POST['scan'] in the code but it won't work. It just shows me blank screen.
foreach ($_POST['scan'] as $key => $value1) {
echo "$value1, ";
}
Upvotes: 0
Views: 78
Answers (2)
user1070017
Reputation:
try: print_r($_POST);
to see what you are getting in your post variables. Are you even passing an array via $_POST['scan'] or any data at all? As someone else alluded to, mysql_real_escape_string is to be used on a string prior to inserting into mysql, and hopefully after the string has been validated/sanitized.
Upvotes: 0
Tom van der Woerdt
Reputation: 29985
mysql_real_escape_string($str) is used for escaping SQL queries, not for displaying to the user. You may like to use htmlentities($str) or htmlspecialchars($str) instead.
Upvotes: 2
Related Questions
- How to use mysql_real_escape_string function in PHP
- PHP, mysql_real_escape_string and MySQL query
- Issue with mysql_real_escape_string()
- how do I use mysql real escape string?
- Struggling with mysql_real_escape_string
- Issue with mysql_real_escape_string
- Problems with mysql_real_escape_string
- mysql_real_escape_string not working?
- error while using mysql_real_escape_string()
- whats wrong with this php mysql_real_escape_string