mysql_escape_string whole post array? mysql_escape_string whole post array? sql sql

mysql_escape_string whole post array?

I would use the array_walk() function. It's better suited because modifies the POST superglobal so any future uses are sanitized.

array_walk_recursive( $_POST, 'mysql_real_escape_string' );

However, make sure that you don't rely on this line to completely protect your database from attacks. The best protection is limiting character sets for certain fields. Ex. Email's don't have quotes in them (so only allow letters, numbers, @, dashes, etc.) and names don't have parenthesis in them (so only allow letters and selected special characters)

EDIT: Changed array_walk() to array_walk_recursive() thanks to @Johan's suggestion. Props to him.

$escaped_POST = array_map('mysql_real_escape_string', $_POST);

Though, I would recommend using MySQLi instead.

you can use

foreach(array_keys($_POST) as $key){  $clean[$key] = mysql_real_escape_string($_POST[$key]);}

and after this to access post data use echo $clean['name'];