I had just hired someone to do a secure form and pasted below is

Question

0

Asked: June 1, 20262026-06-01T16:03:35+00:00 2026-06-01T16:03:35+00:00

I had just hired someone to do a secure form and pasted below is

0

I had just hired someone to do a secure form and pasted below is just a snippet of a large code:

        $_POST = escape_all($_POST);

        $some1 = $_POST['some1'];
        $some2 = $_POST['some2'];
        $some3 = $_POST['some3'];
        $some4 = $_POST['some4'];
        $some5 = $_POST['some5'];
        $some6 = $_POST['some6'];
        $some7 = $_POST['some7'];
        $some8 = $_POST['some8'];

Is that the right way or should i add mysql_real_escape_string(); to all of the variables?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-01T16:03:36+00:00

That looks like he’s written a custom function to escape. As long as that escape_all function is calling mysql_real_escape string, it will technically work, although I wouldn’t say it’s the preferred solution for a few reasons.

Firstly, you’ll want to be careful that you aren’t escaping anywhere else, as it can easily lead to double escaping, which can cause other problems.

Also, you can end up escaping a whole lot of data that doesn’t need to be escaped depending on the situation, if performance is a concern.

And yes, using mysqli instead of mysql is generally preferable.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I had just hired someone to do a secure form and pasted below is

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply