
How to use mysqli_real_escape_string to san an array parsed by json ajax?

I have an ajax parsing an array

jquery

if (conceptName == "payall") {
  var payall = confirm("You are about paying for some items.");
  if (payall == true) {
    // collect the checked checkboxes into an array
    var checkedB = new Array();
    $("input.NP:checkbox:checked").each(function () {
      checkedB.push($(this).attr("class"));
    });

    // ajax for sending the selected products array for the payment
    $.ajax({
      type: 'POST',
      url: "ord/payforit.php",
      data: {checkedB: checkedB},
      dataType: 'json',
      cache: false,
      success: function (resultpay) {
        alert(resultpay);
      }
    });
  } else {
    alert("Ok, Do you still wanna add items?");
  }
}

php

require "dbconnection.php";
$getarr = mysqli_real_escape_string($db,$_POST["checkedB"]);  
echo json_encode ($getarr);

The array parses with no problem if I use $_POST["checkedB"] without sanitising, but with the above code I'll have

<br /> 
<b>Warning</b>:  mysqli_real_escape_string() expects parameter 2 to be string, array given in     <b>e/ru/ord/payforit.php</b> on    line <b>21</b><br />
null

What is so wrong with my code? I am sure that my DB connection is fine; there is no error with my picture upload that uses the same directory.

Please help me out here.

Appreciated.

Kissa Mia asked Jan 24 '26 02:01


2 Answers

You need to iterate over the array:

$getarr = array();
foreach($_POST['checkedB'] AS $val) {
    $getarr[] = mysqli_real_escape_string($db, $val);
}
echo json_encode($getarr);

Barmar answered Jan 25 '26 17:01


You should iterate through an array and apply it to the values (and keys if you're handling post and get)

foreach ( $_POST["checkedB"] as $k=>$v ) {
    // Creates a variable named after each request key, so a key such as "db" overwrites $db.
    ${mysqli_real_escape_string( $db, $k )} = mysqli_real_escape_string( $db, $v );
}

echo $someKeyInArray;

Or to recompile an array

$array = array();
foreach ( $_POST["checkedB"] as $k=>$v ) {
    $array[mysqli_real_escape_string( $db, $k )] = mysqli_real_escape_string( $db, $v );
}

echo $array['someKeyInArray'];

If your array model contains Multiple Arrays then you would need to utilize a function to properly iterate through all arrays, something like this (not tested)

function mysqli_escape_array( $arr, $db = false ) {
    if ( ! $db ) {
        return false;
    }
    $array = array();
    foreach ( $arr as $k=>$v ) {
        if ( is_array( $v ) ) {
            $array[mysqli_real_escape_string( $db, $k )] = mysqli_escape_array( $v, $db );
        } else {
            $array[mysqli_real_escape_string( $db, $k )] = mysqli_real_escape_string( $db, $v );
        }
    }
    return $array; // return the escaped copy, not the untouched input
}

$array = mysqli_escape_array( $_POST['checkedB'], $db );

echo json_encode( $array );

WASasquatch answered Jan 25 '26 16:01
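
An added example, not code from the question or either answer: mysqli_real_escape_string() only protects a value placed inside a quoted SQL string literal, so this sketch instead checks the shape of the posted array and binds each element as a statement parameter. The table order_items, its columns item_code and paid, the helper names, the size limits and the sample values are all assumptions made for illustration.

```php
<?php
// Added example, not code from the question or answers. Assumed names:
// table order_items, columns item_code/paid, and both helper functions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

/**
 * Accept only a flat, non-empty list of short strings; return it re-indexed,
 * or null when the client sent any other shape (string, nested array, ...).
 */
function parse_item_codes($raw, int $maxItems = 100, int $maxLen = 64): ?array
{
    if (!is_array($raw) || $raw === [] || count($raw) > $maxItems) {
        return null;
    }
    $codes = [];
    foreach ($raw as $v) {
        if (!is_string($v) || $v === '' || strlen($v) > $maxLen) {
            return null;   // nested arrays land here instead of raising a warning
        }
        $codes[] = $v;     // keys sent by the client are discarded
    }
    return $codes;
}

/** Bind every code as a parameter; no data is concatenated into the SQL text. */
function mark_items_paid(mysqli $db, array $codes): int
{
    $marks = implode(',', array_fill(0, count($codes), '?'));
    $stmt  = $db->prepare("UPDATE order_items SET paid = 1 WHERE item_code IN ($marks)");
    $stmt->bind_param(str_repeat('s', count($codes)), ...$codes);
    $stmt->execute();
    return $stmt->affected_rows;
}

// Constructed sample inputs showing which request shapes are accepted.
$samples = [['NP-12', 'NP-40'], 'NP-12', [['NP-12']], []];
foreach ($samples as $sample) {
    echo json_encode($sample), ' => ',
         parse_item_codes($sample) === null ? 'rejected' : 'accepted', PHP_EOL;
}

// In payforit.php (needs the $db connection from dbconnection.php):
// $codes = parse_item_codes($_POST['checkedB'] ?? null);
// if ($codes === null) { http_response_code(400); exit; }
// echo json_encode(mark_items_paid($db, $codes));
```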


