For each $_POST variable a mysql_real_escape_string?


Problem description


For my school homework I have to create a function that uses trim(), htmlspecialchars() and mysql_real_escape_string() to prevent SQL- and HTML injection.

I've been trying for a while but I can't get it to work. I've tried a foreach loop and an extract function. I must be doing something wrong, or missing something.

So far, I've got this: (just to see if the variables are being processed)

foreach ($_Post as $Key => $Value) {
    $$Key = $Value;
    echo $$Key."<br>";
}

But it won't return anything.

I can use the trim etc on every variable on its own, but there must be a much easier way.

I've got the $_POST variables 'voorletters', 'tussenvoegsel', 'naam', 'adres', 'huisnummer' (numbers), 'telefoon' (numbers), 'postcode', 'woonplaats', 'geslacht', 'email' and 'wachtwoord' (password).

Please help me :(! I'm a beginner concerning php, so please try to explain thoroughly.

Solution

What about this

foreach($_POST as $key => $value) {
    echo 'Current value in $_POST["' . $key . '"] is : ' . $value . '<br>';
    $_POST[$key] = your_filter($value);
}

where your_filter() is your function calling trim, htmlspecialchars, etc. :

function your_filter($value) {
    $newVal = trim($value);
    $newVal = htmlspecialchars($newVal);
    $newVal = mysql_real_escape_string($newVal);
    return $newVal;
}

Pay attention to the variable name too, which is $_POST, not $_Post. You don't need to use $$ here; you have the key name in the loop in $key and you can access/replace the value in the array with $_POST[$key].

EDIT : added an echo to print current value

EDIT2 : added an example of your_filter() function
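
The same three steps with each escaping applied at its point of use, as an added example that is not part of the original answer: trim on input, bound parameters at the SQL boundary (PDO in place of mysql_real_escape_string(), which was removed in PHP 7.0), and htmlspecialchars() on output. The sample input, the clean_input() helper, the klant table and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Constructed input standing in for $_POST (field names taken from the question).
$post = [
    'voorletters' => '  J. ',
    'naam'        => "O'Brien <script>alert(1)</script>",
    'huisnummer'  => '12',
    'email'       => 'j@example.test',
];

// Step 1: normalise input only (trim). No escaping here: escaping depends on
// where the value ends up, so it happens at the SQL and HTML boundaries below.
// clean_input() is a hypothetical helper name, not from the original answer.
function clean_input(array $in, array $fields): array {
    $out = [];
    foreach ($fields as $f) {
        $v = $in[$f] ?? '';
        $out[$f] = is_string($v) ? trim($v) : '';  // array input (name[]=...) becomes ''
    }
    return $out;
}

$data = clean_input($post, ['voorletters', 'naam', 'huisnummer', 'email']);

// Numeric fields are validated rather than escaped.
if (!ctype_digit($data['huisnummer'])) {
    exit("huisnummer must contain digits only\n");
}

// Step 2: SQL boundary. Bound parameters keep data out of the statement text.
// Assumption: in-memory SQLite through PDO so the example runs without a server;
// the table name klant is hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE klant (voorletters TEXT, naam TEXT, huisnummer INTEGER, email TEXT)');
$stmt = $pdo->prepare(
    'INSERT INTO klant (voorletters, naam, huisnummer, email)
     VALUES (:voorletters, :naam, :huisnummer, :email)'
);
$stmt->execute($data);  // array keys match the named placeholders

// Step 3: HTML boundary. Escape when printing, so the database keeps the raw value.
$row = $pdo->query('SELECT naam FROM klant')->fetch(PDO::FETCH_ASSOC);
echo htmlspecialchars($row['naam'], ENT_QUOTES, 'UTF-8'), "\n";
```

Storing the raw value and escaping per output context avoids double-encoded text such as `&amp;#039;` when the same field is later shown in HTML, sent in an e-mail or exported.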
