<?php
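/**
 * HTML-encode every value of a request array, descending into nested arrays.
 *
 * A query string such as `?ids[]=1` makes the value an array, and passing an
 * array straight to htmlentities() fails (warning and NULL on old PHP,
 * TypeError on PHP 8), so nested arrays are walked recursively.
 *
 * Keys are returned unchanged: they are client-controlled too and must be
 * encoded separately if they are ever printed.
 *
 * @param array $data Request data ($_GET / $_POST style).
 * @return array Same structure, every leaf value HTML-encoded.
 */
function html_escape_input(array $data)
{
    $escaped = array();
    foreach ($data as $key => $value) {
        // NOTE(review): the default charset of htmlentities() depends on the
        // PHP version / default_charset; pass the page's charset as the third
        // argument if the site does not use that default.
        $escaped[$key] = is_array($value)
            ? html_escape_input($value)
            : htmlentities($value, ENT_QUOTES);
    }
    return $escaped;
}

// The superglobals are overwritten in place. The result is suited to HTML text
// and quoted attribute values only: it is not an SQL, JavaScript or URL
// escaping, and anything stored from these arrays will contain HTML entities.
if (isset($_GET) && is_array($_GET)) {
    $_GET = html_escape_input($_GET);
}
if (isset($_POST) && is_array($_POST)) {
    $_POST = html_escape_input($_POST);
}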
?>
<?php
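// REQUIRED: mysql_real_escape_string() needs the MySQL connection opened by this file.
include('connexion_mysql.php');

/**
 * Escape every value of a request array for use inside a quoted MySQL string
 * literal, descending into nested arrays.
 *
 * A parameter such as `?ids[]=1` arrives as an array; handing an array to
 * mysql_real_escape_string() yields a warning and NULL, silently dropping the
 * input, so nested arrays are walked recursively. Keys are left unchanged.
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7.0. On current PHP,
 * use prepared statements with bound parameters (PDO or mysqli) rather than
 * escaping request data globally.
 *
 * @param array $data Request data ($_GET / $_POST style).
 * @return array Same structure, every leaf value escaped.
 */
function mysql_escape_input(array $data)
{
    $escaped = array();
    foreach ($data as $key => $value) {
        $escaped[$key] = is_array($value)
            ? mysql_escape_input($value)
            : mysql_real_escape_string($value);
    }
    return $escaped;
}

// The superglobals are overwritten in place. Escaping only protects values
// placed between quotes in the SQL text; a value used unquoted (numeric id,
// column or table name) still has to be validated or cast. The escaped values
// are not HTML-safe and will show backslashes if echoed back to the page.
if (isset($_GET) && is_array($_GET)) {
    $_GET = mysql_escape_input($_GET);
}
if (isset($_POST) && is_array($_POST)) {
    $_POST = mysql_escape_input($_POST);
}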
?>
On peut aussi faire les deux choses en même temps en utilisant une variable spécifique pour GET et POST :
<?php
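// REQUIRED: mysql_real_escape_string() needs the MySQL connection opened by this file.
include('connexion_mysql.php');

/**
 * Escape request values for a quoted MySQL string literal, recursing into
 * nested arrays (e.g. `?ids[]=1`), which mysql_real_escape_string() cannot
 * take directly. Keys are left unchanged.
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7.0; on current PHP
 * prefer prepared statements with bound parameters (PDO or mysqli).
 *
 * @param array $data Request data.
 * @return array Same structure, leaf values SQL-escaped.
 */
function input_escape_mysql(array $data)
{
    $escaped = array();
    foreach ($data as $key => $value) {
        $escaped[$key] = is_array($value)
            ? input_escape_mysql($value)
            : mysql_real_escape_string($value);
    }
    return $escaped;
}

/**
 * HTML-encode request values, recursing into nested arrays. Keys are left
 * unchanged.
 *
 * @param array $data Request data.
 * @return array Same structure, leaf values HTML-encoded.
 */
function input_escape_html(array $data)
{
    $escaped = array();
    foreach ($data as $key => $value) {
        $escaped[$key] = is_array($value)
            ? input_escape_html($value)
            : htmlentities($value, ENT_QUOTES);
    }
    return $escaped;
}

// One copy per output context, both derived from the raw request value:
// *_MySQL for quoted SQL string literals, *_Secured for HTML output.
// $_GET and $_POST themselves stay untouched.
$GET_MySQL = array();
$GET_Secured = array();
$POST_MySQL = array();
$POST_Secured = array();

if (isset($_GET) && is_array($_GET)) {
    $GET_MySQL = input_escape_mysql($_GET);
    $GET_Secured = input_escape_html($_GET);
}
if (isset($_POST) && is_array($_POST)) {
    $POST_MySQL = input_escape_mysql($_POST);
    $POST_Secured = input_escape_html($_POST);
}
// $POST_MySQL can now be used in place of $_POST when building queries.
// BUT: $POST_MySQL is not a superglobal, so it is not automatically visible
// inside functions the way $_POST is. Use the copy that matches the context:
// *_MySQL values are not HTML-safe, *_Secured values are not SQL-safe.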
?>