Run Array Through mysql_real_escape_string

Hi all, just wondering how I can run all $_POST data through the mysql_real_escape_string. My code is below. Any help is appreciated as always :slight_smile:

//Enter Products into DB
			 foreach($_POST['products'] as $id=>$product){
			 	echo $product['name'];
			 		echo $product['serial'];
						echo $product['stock'];
							echo $product['quantity'];
								echo $product['price'];
								
			 $sql = "INSERT INTO order_products (product_name, product_serial) VALUES ('$product[name]','$product[serial]')";
			 mysql_query($sql);
			 }

You could use array_map() but really, don’t.

If you really want to do that, another way is a foreach loop

foreach($_POST as $key => $value) {
      $_POST[$key] = mysql_real_escape_string($value, $con);
}

Perfect, thank you chaps. Appreciated as always :smiley: