Maybe I'm wrong but for me its not working,
I'm trying to do the mysql_real_escape_string() function with $_POST['value']; like this,
mysql_real_escape_string($_POST['value']);
but its not working, but if I try this,
$value = $_POST['value'];
mysql_real_escape_string($value);
it works perfectly, any suggestion why?
EDIT:
My code is like this,
$post = array('id', 'name');
$postArray = array();
foreach($post as $pa){
$postArray[$pa] = mysql_real_escape_string($_POST[$pa]);
}
Are you assigning the result of mysql_real_escape_string() to anything? It doesn't modify the variable in-place.
$value = mysql_real_escape_string($_POST['value']);
To respond to your edit - shouldn't your foreach be looping over $post, not $postArray?
foreach($postArray as $pa){
should be...
foreach($post as $pa){
Second edit: please use this code and tell us what it outputs:
var_dump($_POST);
$post = array('id', 'name');
$postArray = array();
foreach($post as $pa){
$postArray[$pa] = mysql_real_escape_string($_POST[$pa]);
}
var_dump($postArray);
Final edit:
Okay, your problem is that your incoming post variables are being read as arrays, and thus you can't call mysql_real_escape_string() directly on those (because it's designed for strings, not arrays).
Change your code to this:
$post = array('id', 'name');
$postArray = array();
foreach($post as $pa){
if(is_array($_POST[$pa])) {
$postArray[$pa] = mysql_real_escape_string($_POST[$pa][0]);
} else {
$postArray[$pa] = mysql_real_escape_string($_POST[$pa]);
}
}
and things should work.