1

Before PHP7, I would combine implode and array_map to go through each of the values with mysql_real_escape_string to prepare them for a statement to avoid sql injection. e.g:

$values = implode("', '", array_map('mysql_real_escape_string', $sqlArray));

mysql_real_escape_string has been replaced now by mysqli::real_escape_string. How would the above code be done with the new methods just as easily using the mysqli class in an array_map?

Improve this question
0

1 Answer 1

Reset to default
7

You might be better off using prepared statements, but to the question, pass an array of object and method. This should work for anything that takes a callback:

$result = array_map(array($mysqli, 'real_escape_string'), $sqlArray);

Assuming you have a $mysqli object that you're working with from the mysqli class.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Ok so now : What is $mysqli
Thanks, yeah I already have a $mysqli object. Many thanks Abra
Yea, I get that, but others may not. If you want your answer to be usful to others less intuitive than us, it would be useful to make that obvious in your answer

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.