I have a form that is generated dynamically. The end users will be able to submit employee details to the database. So array $fname will contain all first names, $lname all last names, etc. The arrays are then inserted into MySQL like so:
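
    // Number of employee rows submitted with the form
    $employee_count = count($fname);

    $query = "INSERT INTO workers (date_added, department, fname, lname, rank)
    VALUES ";
    for ($i = 0; $i < $employee_count; $i++) {
        // Values are interpolated unescaped, so a single quote ends the string early
        $query .= "(NOW(),'$department','{$fname[$i]}','{$lname[$i]}','{$rank[$i]}'),\n";
    }
    // Drop the trailing comma left by the last iteration
    $query = rtrim($query, ", \n");
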
This works great until we have dangerous characters like single quotes, e.g. MC'Mahon, which makes the query fail. I cannot use many normal functions such as mysqli_real_escape_string() since this is an array. Is there a way to sanitize the array, i.e. escape any dangerous characters inside the arrays, so that I sanitize each array before pushing it into the for loop that splits each array into strings that are then entered into MySQL?
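
One way to handle the arrays from the question without escaping each value, as an added example that is not part of the original post: a single multi-row INSERT built from `?` placeholders and run as a mysqli prepared statement. The function names `build_worker_insert` and `insert_workers` and the sample values are assumptions; the `rank` column is backtick-quoted because RANK is a reserved word in MySQL 8.0.

```php
<?php
// Added example (not the asker's code): values never enter the SQL text.

/**
 * Build the SQL text and the flat parameter list for N employees.
 * Only "?" placeholders reach the SQL string; the values travel separately.
 */
function build_worker_insert(string $department, array $fname, array $lname, array $rank): array
{
    $n = count($fname);
    if ($n === 0 || count($lname) !== $n || count($rank) !== $n) {
        throw new InvalidArgumentException('fname, lname and rank must be non-empty and the same length');
    }
    // One "(NOW(), ?, ?, ?, ?)" group per employee, joined with commas (no trailing comma).
    $sql = 'INSERT INTO workers (date_added, department, fname, lname, `rank`) VALUES '
         . implode(', ', array_fill(0, $n, '(NOW(), ?, ?, ?, ?)'));
    $params = [];
    for ($i = 0; $i < $n; $i++) {
        array_push($params, $department, (string) $fname[$i], (string) $lname[$i], (string) $rank[$i]);
    }
    return [$sql, $params];
}

/** Run the statement on an open mysqli connection; returns the number of rows inserted. */
function insert_workers(mysqli $db, string $sql, array $params): int
{
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    // Every value is bound as a string ("s"); the server receives it as data, not as SQL.
    $stmt->bind_param(str_repeat('s', count($params)), ...$params);
    if (!$stmt->execute()) {
        throw new RuntimeException('execute failed: ' . $stmt->error);
    }
    return $stmt->affected_rows;
}

// Constructed sample input standing in for the submitted form arrays.
[$sql, $params] = build_worker_insert('Sales', ['Ann', 'Lee'], ["MC'Mahon", "O'Brien"], ['Manager', 'Clerk']);
echo $sql, PHP_EOL;                 // placeholders only, no user data
echo json_encode($params), PHP_EOL; // quotes stay intact in the bound values
// With a live connection: insert_workers(new mysqli(/* host, user, password, database */), $sql, $params);
```

MySQL limits a prepared statement to 65,535 placeholders, so very large submissions should be split into batches.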