I have a few questions regarding mainly sql injection.
I have three basic queries on my database :
$table1="first_table"; $input1=$_POST['input1 ']; $input2=$_POST['input2 ']; $result= msql_query ("select * from $table1 where id='$input1' "); $result_array=mysql_fectch_array($result); $answer=$result_array[$input2];
I run the same query on about 12 different tables and I have about 50 to a hundred different inputs all together.
I'm not worried about if the user inputs incorrect data as much as I am any harmful sql injection.
I've done a little research on mysql_real_escape_string and I saw this idea but I'm not sure how to implement it:
Any ideas welcome
$input_data = array_map('mysql_real_escape_string', $_POST);