Tenaciousmug
Posted June 17, 2011

Here is my code:

```php
if (isset($_POST['remove'])) {
    // Delete every checked message that belongs to the logged-in user
    foreach ($_POST['msgid'] AS $msgid) {
        $sql = "DELETE FROM inbox WHERE msgid = '".$msgid."' AND userid='".$_SESSION['userid']."'";
        mysqli_query($cxn, $sql) or die(mysqli_error($cxn));
    }
}
```

It works perfectly fine, but to prevent SQL Injection and XSS, I put this:

```php
if (isset($_POST['remove'])) {
    // The escaping functions are handed the whole $_POST['msgid'] array here
    foreach ($cxn->real_escape_string(htmlspecialchars($_POST['msgid'])) AS $msgid) {
        $sql = "DELETE FROM inbox WHERE msgid = '".$msgid."' AND userid='".$_SESSION['userid']."'";
        mysqli_query($cxn, $sql) or die(mysqli_error($cxn));
    }
}
```

But then it stops grabbing the value. :/
So... is there any way I can prevent malicious attacks without preventing it from grabbing the value?

Tenaciousmug (Author)
Posted June 17, 2011

Never mind! Just had to do this:

```php
if (isset($_POST['remove'])) {
    foreach ($_POST['msgid'] AS $msgid) {
        // Escape each checkbox value individually inside the loop
        $msgid = $cxn->real_escape_string(htmlspecialchars($msgid));
        $sql = "DELETE FROM inbox WHERE msgid = '".$msgid."' AND userid='".$_SESSION['userid']."'";
        mysqli_query($cxn, $sql) or die(mysqli_error($cxn));
    }
}
```
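
An added example, not code from either post: the same delete written with a mysqli prepared statement, so each checkbox value is validated as an integer and bound as a parameter instead of being escaped into the SQL string. It assumes `msgid` and `userid` are integer columns; `clean_msgids()` and `delete_messages()` are hypothetical helper names.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Assumptions: inbox.msgid and
// inbox.userid are integer columns and $cxn is an open mysqli connection.

/** Reduce the posted checkbox array to unique positive integers. */
function clean_msgids($posted): array
{
    if (!is_array($posted)) {
        return [];                       // msgid sent as a scalar, not msgid[]
    }
    $ids = [];
    foreach ($posted as $value) {
        // Nested arrays and non-numeric strings both come back as false.
        $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id !== false) {
            $ids[$id] = $id;             // keyed by id, so duplicates collapse
        }
    }
    return array_values($ids);
}

/** Delete the selected messages of one user; returns the number of rows removed. */
function delete_messages(mysqli $cxn, $posted, int $userId): int
{
    $ids = clean_msgids($posted);
    if ($ids === []) {
        return 0;                        // nothing valid selected, no query sent
    }
    // Only "?" placeholders are concatenated into the SQL text.
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt  = $cxn->prepare("DELETE FROM inbox WHERE userid = ? AND msgid IN ($marks)");
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $cxn->error);
    }
    $stmt->bind_param(str_repeat('i', count($ids) + 1), $userId, ...$ids);
    $stmt->execute();
    $deleted = (int) $stmt->affected_rows;
    $stmt->close();
    return $deleted;
}

// Constructed sample of what $_POST['msgid'] might contain.
print_r(clean_msgids(['12', '12', "7' OR '1'='1", '-3', ['9'], '40']));

// In the handler from the thread:
// delete_messages($cxn, $_POST['msgid'] ?? [], (int) $_SESSION['userid']);
```

`htmlspecialchars()` is an HTML output encoder; it belongs where a value is echoed into a page, not in the query path.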
Archived
This topic is now archived and is closed to further replies.