Stephen68 Posted February 11, 2009 Share Posted February 11, 2009 Ok I loop through the form fields and put them into an array which I implode into a string. What I am wondering if mysql_real_escape_string() on the string will work. <?php $exclude = array("month", "day", "year", "submit2","submit33"); foreach ($_POST as $field=>$value) {//Start foreach loop //If the $field is month,day,year,submit2 or submit33 then skip them if(!in_array($field, $exclude)) { $names[] = "$field="."'".$value."'"; } }// end of foreach loop $updateString = implode(",",$names); $updateString = mysql_real_escape_string($updateString); ?> will the mydql_real_escape_string() work like this for mysql insert? Thanks for the help Steve Link to comment https://forums.phpfreaks.com/topic/144718-form-processing-help/ Share on other sites More sharing options...
ratcateme Posted February 11, 2009 Share Posted February 11, 2009 i think you will need to mysql_real_escape_string $field and $value separately other wise the ' will get escaped Scott. Link to comment https://forums.phpfreaks.com/topic/144718-form-processing-help/#findComment-759406 Share on other sites More sharing options...
Stephen68 Posted February 11, 2009 Author Share Posted February 11, 2009 thank you for pointing that out, I'll rewrite my code and put it into the loop. Thanks again Link to comment https://forums.phpfreaks.com/topic/144718-form-processing-help/#findComment-759412 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.