Home/ Questions/Q 8156927
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-06T17:06:27+00:00

Maybe I’m wrong but for me its not working, I’m trying to do the

  • 0

Maybe I’m wrong but for me its not working,

I’m trying to do the mysql_real_escape_string() function with $_POST['value']; like this,

mysql_real_escape_string($_POST['value']);

but its not working, but if I try this,

$value = $_POST['value'];
mysql_real_escape_string($value);

it works perfectly, any suggestion why?

EDIT:

My code is like this,

$post = array('id', 'name');
$postArray = array();
foreach($post as $pa){
    $postArray[$pa] = mysql_real_escape_string($_POST[$pa]);
}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Are you assigning the result of mysql_real_escape_string() to anything? It doesn’t modify the variable in-place.

    $value = mysql_real_escape_string($_POST['value']);

    To respond to your edit – shouldn’t your foreach be looping over $post, not $postArray?

    foreach($postArray as $pa){

    should be…

    foreach($post as $pa){

    Second edit: please use this code and tell us what it outputs:

    var_dump($_POST);
$post = array('id', 'name');
$postArray = array();
foreach($post as $pa){
    $postArray[$pa] = mysql_real_escape_string($_POST[$pa]);
}
var_dump($postArray);

    Final edit:

    Okay, your problem is that your incoming post variables are being read as arrays, and thus you can’t call mysql_real_escape_string() directly on those (because it’s designed for strings, not arrays).

    Change your code to this:

    $post = array('id', 'name');
$postArray = array();
foreach($post as $pa){
    if(is_array($_POST[$pa])) {
        $postArray[$pa] = mysql_real_escape_string($_POST[$pa][0]);
    } else {
        $postArray[$pa] = mysql_real_escape_string($_POST[$pa]);
    }
}

    and things should work.

    • 0