Jump to content

Archived

This topic is now archived and is closed to further replies.

tbobker

mysql_escape_string() help

Recommended Posts

[code]
<?php

if(isset($_POST['submit'])) {

$first = $_POST['fname'];
$last = $_POST['lname'];
$address = $_POST['address'];
$email = $_POST['email'];
$pcode = $_POST['pcode'];
$country = $_POST['country'];
$comment = $_POST['comment'];

$conn = mysql_connect("localhost","","");
mysql_select_db("",$conn);

$sql = "insert into petition values ('','','$first','$last','$address','$email','$pcode','$country','$comment');";
$result = mysql_query($sql,$conn);

$sql2 = "select id from petition";
$result2 = mysql_query($sql2,$conn);
$num_rows = mysql_num_rows($result2);




echo "<div height='300px'><h1>Thankyou for signing the petition</h1><br>".$first."&nbsp;".$last." you have made a positive step forward</div>";
echo "<br><h2>You are person&nbsp;<span style='color: red'>".$num_rows."</span>";

}else { echo '
[/code]

i need to mysql_escape_string() the values but i dont know how to do it with multiple values?

Share this post


Link to post
Share on other sites
What do you mean by "do it with multiple values";

In this case, you can do:
[code]<?php
if(isset($_POST['submit'])) {

$first = mysql_real_escape_string($_POST['fname']);
$last = mysql_real_escape_string($_POST['lname']);
$address = mysql_real_escape_string($_POST['address']);
$email = mysql_real_escape_string($_POST['email']);
$pcode = mysql_real_escape_string($_POST['pcode']);
$country = mysql_real_escape_string($_POST['country']);
$comment = mysql_real_escape_string($_POST['comment']);

$conn = mysql_connect("localhost","","");
mysql_select_db("",$conn);

$sql = "insert into petition values ('','','$first','$last','$address','$email','$pcode','$country','$comment');";
$result = mysql_query($sql,$conn);

$sql2 = "select id from petition";
$result2 = mysql_query($sql2,$conn);
$num_rows = mysql_num_rows($result2);




echo "<div height='300px'><h1>Thankyou for signing the petition</h1><br>".$first."&nbsp;".$last." you have made a positive step forward</div>";
echo "<br><h2>You are person&nbsp;<span style='color: red'>".$num_rows."</span>";

}?>[/code]

Ken

Share this post


Link to post
Share on other sites
Thanks that has helped and will this stop any sql injection attempts by escaping with the \?

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.