tags:

views:

177

answers:

5

I am aware of array_walk() and array_map(). However when using the former like so (on an old project) it failed

array_walk($_POST, 'mysql_real_escape_string');

Warning: mysql_real_escape_string() expects parameter 2 to be resource, string given.

So I went with this slightly more ugly version

foreach($_POST as $key => $value) {
    $_POST[$key] = mysql_real_escape_string($value);
}

So why didn't the first way work? What is the best way to map values of an array to a function?

A: 

I don't know PHP but, can't you do:

array_walk($_POST, mysql_real_escape_string);

Note that in my code I'm passing the actual function rather that its name as in yours.

Juanjo Conti
The docs quote the function name http://php.net/manual/en/function.array-walk.php
alex
Ok, I was guessing. Python programmer.
Juanjo Conti
-1, and I shouldn't need to explain why. Sorry, but you shouldn't just guess if you don't know the language-- do research. Nothing personal :-(
Platinum Azure
Of course, Accepted.
Juanjo Conti
A: 

It's because the mysql_real_escape_string is being given two parameters, both string.

http://php.net/manual/en/function.mysql-real-escape-string.php

http://www.phpbuilder.com/manual/en/function.array-map.php:

array_map() returns an array containing all the elements of arr1 after applying the callback function to each one. The number of parameters that the callback function accepts should match the number of arrays passed to the array_map()

you could do

function myescape($val)
{
    return mysql_real_escape_string($val);
}

... then

array_walk($_POST, 'myescape');
John Boker
So `array_walk()` will map every array value to all parameters of the function? Isn't that a bit.. *weird*? Any way I can say "First param only please"?
alex
The answer to the first question is NO.
Juanjo Conti
I think myescape is missing a 2nd argument here: $key
Juanjo Conti
+2  A: 

The callback function passed to array_walk is expected to accept two parameters, one for the value and one for the key:

Typically, funcname takes on two parameters. The array parameter's value being the first, and the key/index second.

But mysql_real_escape_string expects the second parameter to be a resource. That’s why you’re getting that error.

Use array_map instead, it only takes the value of each item and passes it to the given callback function:

array_map($_POST, 'mysql_real_escape_string');

The second parameter will be omitted and so the last opened connection is used.

Gumbo
A: 

http://php.net/manual/en/function.array-walk.php says that array_walk will call the function with 2 arguments, the value and the key. You should write a new function to wrap mysql_real_escape_string. Something like:

function wrapper($val, $key){
    return mysql_real_escape_string($val);
}

And then:

array_walk($_POST, 'mysql_real_escape_string');

Sorry if my PHP is not correct, but I think you'll catch the general idea.

Juanjo Conti
You mean, the 2nd argument to `array_walk()` should be `'wrapper'`.
alex
A: 

mysql_real_escape_string() won't work unless you've made a mysql connection first. The reason it is so cool is that it will escape characters in a way to fit the table type. The second [optional] argument is a reference to the mysql connection.

$_POST is always set up as key->value. So, you array_walk calls mysql_real_escape_string(value, key). Notice the second argument is not a reference.

That is why it does not work. There are several solution already mentioned above.

the Hampster