Phillip Jackson wrote:

function escape(){
    while (list($key, $value) = each($_POST)) {
        $value = trim(mysql_escape_string($value));
        global $$key;
        $$key = $value;
    }
}


1. The function does not detect if magic_quotes_gpc is on; post vars would be double escaped then.


2. $value might be an array (<input name="var[]" ...>); the array would be effectively destroyed.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
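
A variant of the helper that handles both points raised in the reply, as an added example that is not code from the thread. The names `clean_value` and `clean_post` and the sample input are hypothetical, `addslashes` is only a stand-in escaper so the block runs without a database connection, and the result is returned as an array rather than written into globals named by the request.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

// Recursively clean one request value.
//   $escape      - escaping function chosen by the caller (assumption)
//   $magicQuotes - true if the runtime already added slashes to the input
function clean_value($value, $escape, $magicQuotes)
{
    if (is_array($value)) {
        // Point 2: <input name="var[]"> arrives as an array.
        // Recurse and keep the keys instead of flattening it to a string.
        $out = array();
        foreach ($value as $k => $v) {
            $out[$k] = clean_value($v, $escape, $magicQuotes);
        }
        return $out;
    }

    $value = (string) $value;
    if ($magicQuotes) {
        // Point 1: undo the automatic escaping so the value is escaped once.
        $value = stripslashes($value);
    }
    return call_user_func($escape, trim($value));
}

// Clean a whole request array and return it; nothing is written to globals.
function clean_post(array $post, $escape)
{
    // ini_get() returns false on PHP versions where the setting is gone,
    // so this check works on both old and current runtimes.
    $magicQuotes = (bool) ini_get('magic_quotes_gpc');
    return clean_value($post, $escape, $magicQuotes);
}

// Constructed sample input standing in for $_POST.
$samplePost = array(
    'name' => "  O'Reilly ",
    'tags' => array("a'b", ' c '),
);

// addslashes is a stand-in escaper for the demonstration only.
$clean = clean_post($samplePost, 'addslashes');
var_export($clean);
```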


