forgetabout Posted October 14, 2006 Report Share Posted October 14, 2006 Kā visam _GET un _POST masīvam uzlikt šo "mysql_real_escape_string " ? Link to comment Share on other sites More sharing options...
Klez Posted October 14, 2006 Report Share Posted October 14, 2006 (edited) ar taisnaam rokaam. ej cauri visam masiivaam un lies virsuu. while vai foreach Edited October 14, 2006 by Klez Link to comment Share on other sites More sharing options...
forgetabout Posted October 14, 2006 Author Report Share Posted October 14, 2006 (edited) <?php foreach ($_GET as &$value) { $value = mysql_real_escape_string($value); } foreach ($_POST as &$value) { $value = mysql_real_escape_string($value); } ?> Tas būtu viss? Edited October 14, 2006 by forgetabout Link to comment Share on other sites More sharing options...
v3rb0 Posted October 14, 2006 Report Share Posted October 14, 2006 // urlis http://localhost/t.php?foo=bar foreach(array_merge($_POST, $_GET) as $key =>$value) ${$key.'_escaped'} = mysql_real_escape_string($value); // tālāk kaut kur echo $foo_escaped Link to comment Share on other sites More sharing options...
forgetabout Posted October 14, 2006 Author Report Share Posted October 14, 2006 v3rb0, tad jāmaina nosaukumi visiem mainīgajiem :( Link to comment Share on other sites More sharing options...
v3rb0 Posted October 14, 2006 Report Share Posted October 14, 2006 kas jāmaina? šis uztaisa tev bariņu jaunus mainīgos kas saucās $<key>_escaped, kur <key> ir keys no $_POST vai $_GET hashmapa. Link to comment Share on other sites More sharing options...
forgetabout Posted October 14, 2006 Author Report Share Posted October 14, 2006 Nu ja man bija foo, tad tagad tā vietā man jālieto foo_escaped ? Vai arī es kaut ko jaucu. Link to comment Share on other sites More sharing options...
v3rb0 Posted October 14, 2006 Report Share Posted October 14, 2006 register globals on ir ļauni! :) jā $_GET['foo'] pārtop par $foo_escaped. tik pat labi viņus var likt atpakaļ iekš $_GET['foo'] vai arī jaunā $_ARGS['foo'], lai nesacūkātu orģinālās vērtības iekš $_GET. Link to comment Share on other sites More sharing options...
forgetabout Posted October 14, 2006 Author Report Share Posted October 14, 2006 Ok, man ir $name=$_GET['name']; Tāpēc gribētos lai jaunie (ar mysql_real_escape_string izravētie mainīgie) paliktu tajā pašā masīvā :) Link to comment Share on other sites More sharing options...
andrisp Posted October 14, 2006 Report Share Posted October 14, 2006 v3rb0, bet ja GET un POST saturēs vienādus indexus ? Man visvienkāršāk liekas šādi: foreach($_POST as $k => $v) { $_POST[$k] = mysql_real_escape_string($v); } Un tāpat ar $_GET. Link to comment Share on other sites More sharing options...
forgetabout Posted October 15, 2006 Author Report Share Posted October 15, 2006 andrisp, manuprāt tev kaut kur ir kļūda :/ Jo pēc tam es uzraskstīju print_r($_GET); Un rezultātā : Array ( [name] => [pass] => ) Link to comment Share on other sites More sharing options...
john.brown Posted October 15, 2006 Report Share Posted October 15, 2006 (edited) A $_REQUEST vairs neeksistē? tak jēdzīgāk laikam tomēr šo apstrādāt :) Jo pēc tam es uzraskstīju print_r($_GET); Nu bet loģiski - piemērā tik $_POST ir apstrādāts. $_GET atsevišķi vajag pēc tā paša algoritma ;) Un tu ko, login datus caur get padod? Jocīgi bik ;) Edited October 15, 2006 by john.brown Link to comment Share on other sites More sharing options...
forgetabout Posted October 15, 2006 Author Report Share Posted October 15, 2006 (edited) Rakstīju : foreach($_POST as $k => $v) { $_POST[$k] = mysql_real_escape_string($v); } un foreach($_GET as $k => $v) { $_GET[$k] = mysql_real_escape_string($v); } Un pa get, jo tā ir wap saite, un parasti tur visu padod pa url. Edited October 15, 2006 by forgetabout Link to comment Share on other sites More sharing options...
andrisp Posted October 15, 2006 Report Share Posted October 15, 2006 (edited) Pirms tam konekciju ar mysql izveidoji ? Edited October 15, 2006 by andrisp Link to comment Share on other sites More sharing options...
forgetabout Posted October 16, 2006 Author Report Share Posted October 16, 2006 nē, bet pēc tevis rakstītā sapratu, ka vajag :) Link to comment Share on other sites More sharing options...
Recommended Posts