mysql_real_escape_string and array_map returns blank strings?

armadadrive · Sep 5, 2013

I haven't yet learned how to use parameterized queries (which according to some other posts on this site is something that I absolutely need to do first thing tomorrow morning) and I want to get a whack of form data into a query, escaped.

Twice, I have come across this solution:

$_POST = array_map('mysqli_real_escape_string', $_POST);

This, from what I can tell, runs all of the variables in the $_POST array through the escape function. I have seen that exact line upvoted, but when I add it to my existing PHP it creates a bunch of blank values.

I was under the impression that mysqli_real_escape_string needed a 2nd parameter - the link/connection. Is this what's causing my problem? The data takes just fine in the database if that line is removed and my variables take their unescaped values from $_POST.

Answer

Dejan Marjanović · Sep 5, 2013

array_map returns a new array; if you're overwriting $_POST, a better solution would be to use array_walk.

array_walk($_POST, function(&$string) use ($link) { 
  $string = mysqli_real_escape_string($link, $string);
});

Note that $link must be a valid connection.

Function [ <internal:mysqli> function mysqli_real_escape_string ] {

  - Parameters [2] {
    Parameter #0 [ <required> $link ]
    Parameter #1 [ <required> $string_to_escape ]
  }
}
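
The parameterized-query route the question mentions, sketched with mysqli prepared statements. This is an added example, not code from the question or the answer. The connection details, the `signups` table, its columns and the helper names `pick_fields` and `insert_signup` are assumptions made for illustration.

```php
<?php
// Added example, not code from the original thread.
// Assumptions: the credentials, the `signups` table and its columns are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors instead of failing silently

/**
 * Keep only the expected form fields and reject non-string values
 * (a field sent as name[]=x arrives as an array, which cannot be escaped or bound as a string).
 */
function pick_fields(array $input, array $expected): array
{
    $row = [];
    foreach ($expected as $field) {
        $value = $input[$field] ?? '';
        if (!is_string($value)) {
            throw new InvalidArgumentException("Field '$field' must be a string");
        }
        $row[$field] = $value;
    }
    return $row;
}

function insert_signup(mysqli $link, array $row): int
{
    // The ? placeholders keep the data out of the SQL text, so no escaping step is needed.
    $stmt = $link->prepare('INSERT INTO signups (name, email, comment) VALUES (?, ?, ?)');
    $stmt->bind_param('sss', $row['name'], $row['email'], $row['comment']);
    $stmt->execute();
    $id = (int) $stmt->insert_id;
    $stmt->close();
    return $id;
}

// Constructed sample input standing in for $_POST.
$form = [
    'name'    => "O'Brien",
    'email'   => 'obrien@example.com',
    'comment' => 'quotes " and \\ backslashes are stored as typed',
    'extra'   => 'ignored: not in the expected list',
];

$link = new mysqli('localhost', 'app_user', 'app_password', 'app_db'); // placeholder credentials
$link->set_charset('utf8mb4');

$row = pick_fields($form, ['name', 'email', 'comment']);
echo 'Inserted row ', insert_signup($link, $row), "\n";
```

Because the values are bound rather than concatenated, `$_POST` never needs to be overwritten with escaped copies, and the same array can still be used unmodified for output or validation.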