tbobker Posted October 30, 2006 Share Posted October 30, 2006 [code]<?php if(isset($_POST['submit'])) { $first = $_POST['fname']; $last = $_POST['lname']; $address = $_POST['address']; $email = $_POST['email']; $pcode = $_POST['pcode']; $country = $_POST['country']; $comment = $_POST['comment']; $conn = mysql_connect("localhost","",""); mysql_select_db("",$conn); $sql = "insert into petition values ('','','$first','$last','$address','$email','$pcode','$country','$comment');"; $result = mysql_query($sql,$conn); $sql2 = "select id from petition"; $result2 = mysql_query($sql2,$conn); $num_rows = mysql_num_rows($result2); echo "<div height='300px'><h1>Thankyou for signing the petition</h1><br>".$first." ".$last." you have made a positive step forward</div>"; echo "<br><h2>You are person <span style='color: red'>".$num_rows."</span>"; }else { echo '[/code]i need to mysql_escape_string() the values but i dont know how to do it with multiple values? Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted October 30, 2006 Share Posted October 30, 2006 What do you mean by "do it with multiple values";In this case, you can do:[code]<?php if(isset($_POST['submit'])) { $first = mysql_real_escape_string($_POST['fname']); $last = mysql_real_escape_string($_POST['lname']); $address = mysql_real_escape_string($_POST['address']); $email = mysql_real_escape_string($_POST['email']); $pcode = mysql_real_escape_string($_POST['pcode']); $country = mysql_real_escape_string($_POST['country']); $comment = mysql_real_escape_string($_POST['comment']); $conn = mysql_connect("localhost","",""); mysql_select_db("",$conn); $sql = "insert into petition values ('','','$first','$last','$address','$email','$pcode','$country','$comment');"; $result = mysql_query($sql,$conn); $sql2 = "select id from petition"; $result2 = mysql_query($sql2,$conn); $num_rows = mysql_num_rows($result2); echo "<div height='300px'><h1>Thankyou for signing the petition</h1><br>".$first." ".$last." you have made a positive step forward</div>"; echo "<br><h2>You are person <span style='color: red'>".$num_rows."</span>"; }?>[/code]Ken Quote Link to comment Share on other sites More sharing options...
tbobker Posted October 31, 2006 Author Share Posted October 31, 2006 Thanks that has helped and will this stop any sql injection attempts by escaping with the \? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.