0

I have an array that I need to sanitize before putting it in a cell on a MySQL database. The code I'm trying seems to work. But as soon as there are characters like ' it throws errors and that's not good. Here's what I've tried; any ideas what's wrong?

    function submitLogDb($array,$id,$title)
    {
        function mysql_real_escape_array($var)
        {
            foreach($var as $line)
            {
                mysql_real_escape_string($line['msg']);
            }

            return $var;
        }

        $title=mysql_real_escape_string($title);

        $array=mysql_real_escape_array($array);

        return mysql_query("INSERT INTO logs (text,id,title) VALUES ('".serialize($array)."','$id','$title')");
    }

EDIT: Just in case it helps, here's what some of the objects might look like in the array:

[1] 
  icon = ""
  msg = "this is a test"
  name = "Them: "
  systemMsg = 0
[2]
  icon = ""
  msg = "yep it sure is"
  name = "You: "
  systemMsg = 0

1 Answer

2

mysql_real_escape_string the output of serialization of the array.

    $data_to_insert = mysql_real_escape_string(serialize($array));

1 Comment

Perfect! I didn't consider it because I didn't think the serialized version would be readable like that. Thanks!
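The `mysql_*` extension used in this thread was removed in PHP 7.0, so the same insert is shown here with a PDO prepared statement, which binds the serialized array as a parameter instead of escaping it. This is an added example, not code from the question or the answer; the `PDO` argument, the `loadLog` helper, the table layout and the in-memory SQLite connection (standing in for MySQL so the script runs without a server) are assumptions.

```php
<?php
// Added example: function signatures, table layout and demo connection are assumptions.

function submitLogDb(PDO $pdo, array $log, int $id, string $title): bool
{
    // Placeholders keep the data out of the SQL text, so a quote inside the
    // serialize() output or the title cannot terminate the string literal.
    $stmt = $pdo->prepare('INSERT INTO logs (text, id, title) VALUES (:text, :id, :title)');
    return $stmt->execute([
        ':text'  => serialize($log),
        ':id'    => $id,
        ':title' => $title,
    ]);
}

// Hypothetical helper for reading a log back.
function loadLog(PDO $pdo, int $id): array
{
    $stmt = $pdo->prepare('SELECT text FROM logs WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $raw = $stmt->fetchColumn();
    if ($raw === false) {
        return [];
    }
    // Refuse to instantiate objects from stored data (option available since PHP 7.0).
    $log = unserialize($raw, ['allowed_classes' => false]);
    return is_array($log) ? $log : [];
}

// Demo connection: SQLite in memory. For MySQL the DSN has the form
// 'mysql:host=...;dbname=...;charset=utf8mb4' with a user name and password.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE logs (text TEXT, id INTEGER, title TEXT)');

// Constructed sample input, shaped like the array in the question,
// with apostrophes in the message text and the title.
$log = [
    1 => ['icon' => '', 'msg' => "it's a test", 'name' => 'Them: ', 'systemMsg' => 0],
    2 => ['icon' => '', 'msg' => "yep, it sure is, isn't it", 'name' => 'You: ', 'systemMsg' => 0],
];

submitLogDb($pdo, $log, 7, "Bob's chat");

// Compare the stored copy with the original array.
var_dump(loadLog($pdo, 7) === $log);
```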
