Filter problem with different versions

[oceans]

Mmarif4U,

 

where should this

"

mysql_real_escape_string

"

be placed is it just before writing to db, please guide.

 

addslashes seems opposite to stripslashes this will help me to remove (/) it is?

 

I am still willing to mod my code and put this mysql real escape

[mmarif4u]

Yes use mysql_real_escape_string before entring something to db.

[oceans]

Ok lets say I have 2 variables,

 

(mysql_query("UPDATE `member` SET `Name` = '".mysql_real_escape_string($InputFromScreen[1])."',`Address` = '".mysql_real_escape_string($InputFromScreen[2])."' WHERE `EmailAddress` = '".$FromEarlierScreen[3]."'")

 

Am I right?

[mmarif4u]

Yes its almost right but if u filter it before putting it in query that will be work well.

[oceans]

Mmarif4U,

 

I hope I am not asking too much can you give my code a twitch?

[mmarif4u]

No its ok,

Then post some code but remember i had already told u that dont use it array or loop.

Use addslashes or stripslashes will work fine here.

[oceans]

Oh Mine,

 

I update a maximum of 30 entries at one time all in array form, ok I give up, but as long as the slashes help me I am happy, to my list (')(`)(")(\) do you think I should add anything more.

 

I am very happy with your warm help friend

[mmarif4u]

Thanks you u welcome.

No i think these are fine to use, no other stuff to put.

[oceans]

Thanks my friend,

 

This is the second time you stayed with me while I am troubled.

 

Thanks a million!

[mmarif4u]

You welcome.

Always remember do validation from user input while running live server.

This will make safe ur site from bad users.