I have an array that I need to sanitize before putting it in a cell on a mysql database. The code i'm trying seems to work. But as soon as there are characters like ' it throws errors and thats not good. Here's what i've tried, any ideas whats wrong?
function submitLogDb($array,$id,$title)
{
function mysql_real_escape_array($var)
{
foreach($var as $line)
{
mysql_real_escape_string($line['msg']);
}
return $var;
}
$title=mysql_real_escape_string($title);
$array=mysql_real_escape_array($array);
return mysql_query("INSERT INTO logs (text,id,title) VALUES ('".serialize($array)."','$id','$title')");
}
EDIT: Just incase it helps, heres what some of the objects might look like in the array:
[1]
icon = ""
msg = "this is a test"
name = "Them: "
systemMsg = 0
[2]
icon = ""
msg = "yep it sure is"
name = "You: "
systemMsg = 0
mysql_real_escape_string the output of serialization of the array.
$data_to_insert = mysql_real_escape_string(serialize($array));