Acceptable method of escaping variables?

aaron_karp

I wanted to do this at the top of some of my pages (supplemented by some other more specific validation, of course).

It seems right to me - but I just wanted to have you guys appraise it for me before I put it on my site. Thanks.

foreach($_GET as $key => $value) {
	$_GET[$key] = mysql_real_escape_string($value);
}
foreach($_POST as $key => $value) {
	$_POST[$key] = mysql_real_escape_string($value);
}

execute

all you need is addslashes in that foreach loop. not mysql real escape...
the only downside is you have to stripslashes() when you output the information elsewhere in your website. But it's the best defense against injections.