I'm trying to sanitize $_POST data with array_map and mysqli_real_escape_string
the problem is that when I use the $link variable inside of array_map is it somehow gets converted to a string, I'm pretty sure I have the syntax right, but this one has been knawing at me for a while.
here is my (simplified) code:
$link = mysqli_connect($host, $user, $password);
$row = array_map('mysqli_real_escape_string', $row, array($link, $row));
The mysqli_real_escape_string() function is an inbuilt function in PHP which is used to escape all special characters for use in an SQL query. It is used before inserting a string in a database, as it removes any special characters that may interfere with the query operations.
The real_escape_string() / mysqli_real_escape_string() function escapes special characters in a string for use in an SQL query, taking into account the current character set of the connection.
While everybody recommends PDO, if you do wish to use the mysqli class to achieve what you wanted you need to pass the mysqli link and real_escape_string property to the array_map as an array like so:
$link = mysqli_connect($host, $user, $password);
$escaped_row = array_map(array($link, 'real_escape_string'), $row);
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With