tbobker Posted October 30, 2006 Share Posted October 30, 2006 [code]<?php if(isset($_POST['submit'])) { $first = $_POST['fname']; $last = $_POST['lname']; $address = $_POST['address']; $email = $_POST['email']; $pcode = $_POST['pcode']; $country = $_POST['country']; $comment = $_POST['comment']; $conn = mysql_connect("localhost","",""); mysql_select_db("",$conn); $sql = "insert into petition values ('','','$first','$last','$address','$email','$pcode','$country','$comment');"; $result = mysql_query($sql,$conn); $sql2 = "select id from petition"; $result2 = mysql_query($sql2,$conn); $num_rows = mysql_num_rows($result2); echo "<div height='300px'><h1>Thankyou for signing the petition</h1><br>".$first." ".$last." you have made a positive step forward</div>"; echo "<br><h2>You are person <span style='color: red'>".$num_rows."</span>"; }else { echo '[/code]i need to mysql_escape_string() the values but i dont know how to do it with multiple values? Link to comment https://forums.phpfreaks.com/topic/25627-mysql_escape_string-help/ Share on other sites More sharing options...
kenrbnsn Posted October 30, 2006 Share Posted October 30, 2006 What do you mean by "do it with multiple values";In this case, you can do:[code]<?php if(isset($_POST['submit'])) { $first = mysql_real_escape_string($_POST['fname']); $last = mysql_real_escape_string($_POST['lname']); $address = mysql_real_escape_string($_POST['address']); $email = mysql_real_escape_string($_POST['email']); $pcode = mysql_real_escape_string($_POST['pcode']); $country = mysql_real_escape_string($_POST['country']); $comment = mysql_real_escape_string($_POST['comment']); $conn = mysql_connect("localhost","",""); mysql_select_db("",$conn); $sql = "insert into petition values ('','','$first','$last','$address','$email','$pcode','$country','$comment');"; $result = mysql_query($sql,$conn); $sql2 = "select id from petition"; $result2 = mysql_query($sql2,$conn); $num_rows = mysql_num_rows($result2); echo "<div height='300px'><h1>Thankyou for signing the petition</h1><br>".$first." ".$last." you have made a positive step forward</div>"; echo "<br><h2>You are person <span style='color: red'>".$num_rows."</span>"; }?>[/code]Ken Link to comment https://forums.phpfreaks.com/topic/25627-mysql_escape_string-help/#findComment-116956 Share on other sites More sharing options...
tbobker Posted October 31, 2006 Author Share Posted October 31, 2006 Thanks that has helped and will this stop any sql injection attempts by escaping with the \? Link to comment https://forums.phpfreaks.com/topic/25627-mysql_escape_string-help/#findComment-117220 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.