PHP addslashes using array


I am attempting to update multiple records using 1 form, but have run into a problem in attempting to use the addslashes function.

The form looks like this:

    <form name="form1" method="post" action="editnewscategorysubmit.php">
      <table width="405">
        <tr>
          <td width="246"><span class="link1">news category </span></td>
          <td width="146" colspan="2"><span class="link1">delete?</span></td>
        </tr>
        <tr>
          <td>
            <input type='text' name='title[]' value='$title' style='width:700px;'>
            <input type='hidden' name='id[]' value='$id'>
          </td>
          <td>
            <div style='padding-left:8px;'><a onclick='return confirmsubmit()' href='deletenewscategory.php?id=$id'><img src='images/delete.jpg' border='0'></a></div>
          </td>
        </tr>
        <tr>
          <td><input name="image" type="image" src="images/submit.png" alt="submit form" border="0" /></td>
          <td colspan="2">&nbsp;</td>
        </tr>
      </table>
    </form>

The PHP code that processes it looks like this:

    $identity = $_REQUEST['id'];
    // title[] arrives as an array, so this call raises the warning shown below
    $title = addslashes($_REQUEST['title']);
    include 'connection.php';
    for ($i = 0; $i < count($identity); $i++) {
        $query = "update newscategory set title = '$title[$i]' where id = '$identity[$i]'";
        $result = mysql_query($query) or die(mysql_error());
    }
    echo "success. news categories updated.";
    include 'return.php';

The warning returned is:

Warning: addslashes() expects parameter 1 to be string, array given in /home/u180175506/public_html/editnewscategorysubmit.php on line 71

What I am trying to do is addslashes (or, as I'm reading, using mysql_real_escape_string is preferred!) each value prior to updating the table. Is there something I'm missing? Thanks!

There are multiple ways to run a function on an array. A simple loop:

    $stillnotsafedata = array();
    foreach ($_REQUEST as $key => $value) {
        if (!is_array($value)) {
            // scalar field
            $stillnotsafedata[$key] = addslashes($value);
        } else {
            // array field such as title[] or id[]
            foreach ($value as $innerkey => $innervalue) {
                $stillnotsafedata[$key][$innerkey] = addslashes($innervalue);
            }
        }
    }

Or using array_walk_recursive:

    // visits every leaf value, including those nested in title[] and id[]
    array_walk_recursive($_REQUEST, function(&$item, $key) {
        $item = addslashes($item);
    });

But note that you should not use addslashes for this. Once you have a valid connection to MySQL using the mysql_* functions, you can do the same thing using mres.

But neither should you do that. The mysql_* functions have been officially deprecated for some time (and will be removed from the language core in less than a year).

Besides the fact that they will be removed, there are "edge" cases around it: SQL injection that gets around mysql_real_escape_string()

Long story short: stop using the mysql_* functions.

What you want to use is either mysqli or PDO. These support prepared statements and bound parameters. See the post about this: How can I prevent SQL injection in PHP?
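
The prepared-statement approach recommended above, applied to the question's title[] / id[] form, as an added example that is not part of the original answer. It assumes PDO with an in-memory SQLite database so it runs stand-alone (for MySQL only the DSN changes); the `$post` array is a constructed stand-in for `$_POST`, and `updateCategories` is a hypothetical helper name.

```php
<?php
// Added example. Table and column names follow the question; DSN and input are constructed.
$pdo = new PDO('sqlite::memory:'); // assumption: for MySQL use a 'mysql:host=...;dbname=...' DSN
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE newscategory (id INTEGER PRIMARY KEY, title TEXT)");
$pdo->exec("INSERT INTO newscategory (id, title) VALUES (1, 'old one'), (2, 'old two')");

// Constructed stand-in for $_POST as produced by the form's title[] and id[] inputs.
$post = [
    'id'    => ['1', '2'],
    'title' => ["Editor's picks", "x' OR '1'='1"],
];

function updateCategories(PDO $pdo, array $post): int
{
    $ids    = $post['id'] ?? [];
    $titles = $post['title'] ?? [];
    // Both fields must be parallel arrays; reject anything else up front.
    if (!is_array($ids) || !is_array($titles) || count($ids) !== count($titles)) {
        throw new InvalidArgumentException('id[] and title[] must be arrays of equal length');
    }
    // Prepared once, executed per row: values are bound, never spliced into the SQL text.
    $stmt = $pdo->prepare('UPDATE newscategory SET title = :title WHERE id = :id');
    $updated = 0;
    $pdo->beginTransaction();
    try {
        foreach ($ids as $i => $id) {
            $title = $titles[$i] ?? null;
            // Nested arrays (title[0][]=...) or non-numeric ids are rejected, not escaped.
            if (!is_string($title) || !is_string($id) || !ctype_digit($id)) {
                throw new InvalidArgumentException("bad row at index $i");
            }
            $stmt->execute([':title' => $title, ':id' => (int)$id]);
            $updated += $stmt->rowCount();
        }
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack(); // all rows or none
        throw $e;
    }
    return $updated;
}

echo updateCategories($pdo, $post), " rows updated\n";
foreach ($pdo->query('SELECT id, title FROM newscategory ORDER BY id') as $row) {
    echo $row['id'], ': ', $row['title'], "\n";
}
```

The titles containing quotes are stored verbatim as data, with no addslashes or mysql_real_escape_string call anywhere.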

