ginerjm

Members
  • Posts: 6,906
  • Days Won: 99

Everything posted by ginerjm

  1. Interesting. Very interesting.... From the original post showing the desired output, I would never have guessed anything but an html table. Interesting....
  2. The php manual is very good on teaching pdo and prepared strings.
  3. Simply wrap each variable in a call to the mysql_real_escape_string call. Of course as mentioned above you should switch to pdo and use prepared statements since mysql_* is deprecated and soon to disappear. PS - I've read that it is bad practice to use $_REQUEST. You should already know how your user is getting here, so use the proper array instead of whatever a potential hacker could have sent you.
  4. If all you are asking is about how to sanitize your input for a query, why did you post so much code? Really - we don't need to see your js code, nor your html for that matter. Just your php and your current attempt would be so much easier to read.
  5. I might want to read batches of records and then process and write them back, either one at a time or in batches again.
  6. Other than moving step 2 to the end so that you are assured that the process is complete, what's wrong with this approach? (assuming that an sql file is a table)
  7. Your code is confusing after reading what you intend for it to do. How about putting some detailed comments in there to help guide us?
  8. When you create your html table row output you have to use some logic to determine whether to place a company name in the cell or a &nbsp char. It's not an automated feature - it's a logical one. So - you keep track of the last company shown and if the current one matches you don't place it in the td element this time.
  9. As I was reading your code the first question that came to mind was "where is $position coming from". But your question at the end resolved that one and created a new one. What do you mean "retrieve the position"? Is position a field in your table - just add it to the query. If not, where does position come from?
  10. Turn on php error checking and also check the results of your call to query and you would have answers. Basically - you left off the quotes in your query statement values, which btw are not secure.
  11. Huh? What are you showing us?
  12. You need quotes around your username value, just like one needs quotes around any string argument in a query. Otherwise MySQL thinks you have provided a column name.
  13. Can you simply post the code that sends that link, showing us what you place in that link (in the code)?
  14. Assuming that you figure out your connect problem, I'll point out the other errors you will encounter. You also should be sure that you have php error checking turned on to help you out.
      1 - php is case sensitive - meaning that upper and lowercase used in var names is a pia. Stick to lowercase and avoid this problem.
      2 - spelling errors in var names
      3 - dates need to be in yyyymmdd format to place into a date field. Check out the strtotime and date functions as to how to do this.
      4 - you only need to quote string vars in your query statement - nums (& dates) do not need them.
      5 - you must be sure that your field names and values in the query statement are in the same order.
  15. If you have looked at the manual, you should realize that your arguments do not require parens around them.
  16. Don't understand what you are doing. You say you are sending out an email with a link in it. So what is all this about the link changing??? And what does godaddy have to do with this?
  17. $con=mysqli_connect("mysqlusername","password","database name","table name"); The above line is not correct. Refer to the manual to get the right syntax.
  18. What do you THINK you have to do?
  19. If those values that you set with the js code are in the form that is being submitted, then they are part of your POST array. What's the problem with that?
  20. No. I just don't know anything about it and didn't realize that was what you were doing.
  21. The whole idea of htmlspecialchars IS to break the link - any link, any html code - that could break your page or your site if you echo it back out.
  22. While my initial response could have been more detailed, your latest proposed code (after Psycho's wonderful response) is still lacking. You can't run an empty call on the strip_tags result. As my off the cuff answer tried to make clear - run the empty test first as a true response from that answers one half of your question with the least use of resources ie, "is it empty?". Once you determine that it is not empty, then do your other tests to validate it or sanitize it.
  23. It works but if you think about it - if you check for empty first you save a call to strip tags.
  24. We may very well be! And if so, I'm outta here!