Since mysql_real_escape_string requires a MySQL database connection, you must connect to the MySQL database before calling mysql_real_escape_string.
Php:
<?php
function Mysqlclean ($data)
{
Return (Is_array ($data))? Array_map (Mysqlclean, $data): Mysql_real_escape_string ($data);
}
?>
Calling methods
Php:
<?php
$conn = mysql_connect (localhost, user, pass);
...
$_post = Mysqlclean ($_post);
?>
Clean data can be inserted directly into the database.
Attention! Mysql_real_escape_string must be used in cases (PHP 4 >= 4.3.0, PHP 5). Otherwise only use mysql_escape_string, the difference between the two is:
Mysql_real_escape_string takes into account the current character set of the connection, and Mysql_escape_string does not consider it.
Since mysql_real_escape_string requires a MySQL database connection, you must connect to the MySQL database before calling mysql_real_escape_string.
When we know that the data type is a string, we can limit the length of the string while cleaning the data. This method comes from David Lane, Hugh E. Williams Web Database application with PHP and MySQL (OReilly, May 2004)
Php:
<?php
function Mysqlclean ($array, $index, $maxlength)
{
if (Isset ($array [$index]))
{
$input = substr ($array ["{$index}"], 0, $maxlength);
$input = mysql_real_escape_string ($input);
return ($input);
}
return NULL;
}
?>
Call Method:
Php:
<?php
$conn = mysql_connect (localhost, user, pass);
if (Isset ($_post[username]))
{
$_post[username] = Mysqlclean ($_post, username, 20);
Echo $_post[username];
}
?>
Cleans the username in the $_post array and intercepts the first 20 characters.