I have a series of session variables in an array. When I use quotes in one of my string variables, I try to addslashes so I can eventually insert it into the DB, but the addslashes() function is not working. Here is an example.
In the comments field, I write this:
This is the “comment”
I realize this is a problem so I added a function before I enter it into the database that runs through a series of Session variables, including the comments variable.
$strip_fields = array($_SESSION['comments'],$_SESSION['employee_id'],$_SESSION['approved_by'],$_SESSION['delivery_email'],$_SESSION['full_name'],$_SESSION['first_name'],$_SESSION['last_name']);
foreach($strip_fields as $key => $value) {
$key = addslashes($key);
}
After I run this function I try to echo out the comments variable $_SESSION[‘comments’]
This is the “comment”
So I can see that the addslashes function somehow does not work the way I am using it. Why does the addslashes function not work the way I’m using it?
THIS IS MY SOLUTION (I used a bit from both suggestions)
$strip_fields = array(
'employee_id', 'approved_by', 'delivery_email', 'full_name',
'first_name', 'last_name', 'title', 'title_2', 'dept_div',
'dept_div_2', 'email', 'comments', 'special_instructions'
);
foreach($strip_fields as $key) {
$_SESSION[$key] = $conn->real_escape_string($_SESSION[$key]);
}
There are a few things wrong here:
$_SESSIONto new variables.addslashes(), but you placed the values into array values.foreach()copies the values from the array into$keyand$value, so you’re operating on a copy of a copy.You should be able to use references for this, but I think skipping them will be clearer.