Considering that everyone is always worried about User Data (And Rightly So), would it

Question

0

Asked: May 12, 20262026-05-12T06:06:28+00:00 2026-05-12T06:06:28+00:00

Considering that everyone is always worried about User Data (And Rightly So), would it

0

Considering that everyone is always worried about User Data (And Rightly So), would it be sufficient to simply loop through each external array when you get it, and apply a mysql_real_escape_string().

I’m curious to if this is a bad idea.

Something like:

function getExternalData($type='GET')
{
    $type = strtoupper($type);
    $data = $_$type;
    foreach($data as $key => $value)
    {
        $clean[$key] = mysql_real_escape_string($value);
    }
    return $clean;
}

That would make all that data safe to use in databases. But, what are the cons of doing it this way?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-12T06:06:28+00:00

Editorial Team

2026-05-12T06:06:28+00:00Added an answer on May 12, 2026 at 6:06 am

The main con is if you have to process the input, for example in order to parse markup, you’ll have to unescape the input then not forget to re-escape it. Also, it’s quite inefficient. Query placeholders are a very good way to prevent SQL injection.

As for sanitization itself (not only for SQL) you should take a look at the Filter extension, available by default in PHP 5.2 and in PECL for 5.1.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Considering that everyone is always worried about User Data (And Rightly So), would it

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply