This article shares an article about how to use array_map () to call mysql_real_escape_string to clear the array. For more information, see this article. This article shares an article about how to use array_map () to call mysql_real_escape_string to clear the array. For more information, see this article.
Script ec (2); script
Use array_map () to call mysql_real_escape_string to clear the Array
Because mysql_real_escape_string requires MySQL database connection, you must connect to the MySQL database before calling mysql_real_escape_string.
The Code is as follows: |
|
// Description: Use array_map () to call mysql_real_escape_string to clear the array. // Finishing: http://www.111cn.net Function mysqlClean ($ data) { Return (is_array ($ data ))? Array_map ('mysqlclean', $ data): mysql_real_escape_string ($ data ); } ?> |
Call Method
The Code is as follows: |
|
$ Conn = mysql_connect ('localhost', 'user', 'pass '); $ _ POST = mysqlClean ($ _ POST ); ?> |
The cleaned data can be directly inserted into the database.
Note! Mysql_real_escape_string can be used only when (PHP 4> = 4.3.0, PHP 5. Otherwise, only mysql_escape_string can be used. The difference between the two is:
Mysql_real_escape_string considers the current character set to be connected, while mysql_escape_string does not.
Use mysql_real_escape_string to clean and limit the length of Characters
Because mysql_real_escape_string requires MySQL database connection, you must connect to the MySQL database before calling mysql_real_escape_string.
When we know that the data type is string, we can limit the length of the string while cleaning the data. This method comes from David Lane, Hugh E. Williams Web Database Application with PHP and MySQL (O 'Reilly, May 2004)
The Code is as follows: |
|
// Description: Use mysql_real_escape_string to clean and limit the character length. // Finishing: http://www.111cn.net Function mysqlClean ($ array, $ index, $ maxlength) { If (isset ($ array [$ index]) { $ Input = substr ($ array ["{$ index}"], 0, $ maxlength ); $ Input = mysql_real_escape_string ($ input ); Return ($ input ); } Return NULL; } ?> |
Call method:
The Code is as follows: |
|
$ Conn = mysql_connect ('localhost', 'user', 'pass '); If (isset ($ _ POST ['username']) { $ _ POST ['username'] = mysqlClean ($ _ POST, 'username', 20 ); Echo $ _ POST ['username']; } ?> |
Clean the 'username' in the $ _ POST array and extract the first 20 characters.