darkfreaks Posted April 8, 2009

Can you not edit my code to fit yours? It's not all that hard to understand ???

darkfreaks Posted April 9, 2009

<?php
$connect = new mysqli('localhost', 'user', 'pass', 'db'); // connecting to MySQLi

function clean($text) {
    // mysql_real_escape_string() is not used here: it belongs to the old mysql
    // extension, and the bound parameters below already keep values out of the SQL text
    $text = strip_tags(trim($text)); // weeding out XSS
    return htmlentities($text, ENT_QUOTES); // escaping XSS injection from executing
}

// sanitizing variables for XSS
$Job_Title  = clean($_POST['Job_Title']);
$Work_Phone = clean($_POST['Work_Phone']);
$Work_Fax   = clean($_POST['Work_Fax']);
$Website    = clean($_POST['Website']);
$update     = clean($_POST['update']);

// preparing MySQLi statement (`table` is a placeholder name and a reserved word, so it is quoted)
$sql = $connect->prepare("INSERT INTO `table` VALUES (?,?,?,?,?)");
// binding values to statement
$sql->bind_param('sssss', $Job_Title, $Work_Phone, $Work_Fax, $Website, $update);
// execute prepared MySQLi statement
$sql->execute();
?>

Maq Posted April 9, 2009

It's called TamperIE. It lets you edit GET AND POST before the data is sent.

And what exactly does that mean...?