Reply to thread

Message

<blockquote data-quote="Murlyn" data-source="post: 8696" data-attributes="member: 184">Yeah I mean using PHP_SELF.. try to make sure and use the new global variables though.. so $_SERVER['PHP_SELF'] and $_POST['firstname'] etc etc&nbsp; And actually you wont need to do anything to that input because it should automatically add slashes to your incoming data..So let's say $_POST['lastname'] was O'Connel then it would actually be O\'Connel which escapes the apostrophe.. and tells mysql to not use it as part of the sql statement.. that it's actually part of the value..So something like this:INSERT INTO tablename VALUES ('{$_POST['firstname']}', '{$_POST['lastname']}');As you can see, surrounding the variables are single quotes.. now since the data within will have their single quotes escaped.. it shouldnt matter what kind of stuff someone puts in the fields.. they shouldnt be able to add any damaging code, without it throwing up an error.</blockquote>

[QUOTE="Murlyn, post: 8696, member: 184"] Yeah I mean using PHP_SELF.. try to make sure and use the new global variables though.. so $_SERVER['PHP_SELF'] and $_POST['firstname'] etc etc And actually you wont need to do anything to that input because it should automatically add slashes to your incoming data.. So let's say $_POST['lastname'] was O'Connel then it would actually be O\'Connel which escapes the apostrophe.. and tells mysql to not use it as part of the sql statement.. that it's actually part of the value.. So something like this: INSERT INTO tablename VALUES ('{$_POST['firstname']}', '{$_POST['lastname']}'); As you can see, surrounding the variables are single quotes.. now since the data within will have their single quotes escaped.. it shouldnt matter what kind of stuff someone puts in the fields.. they shouldnt be able to add any damaging code, without it throwing up an error. [/QUOTE]

Verification

Name this item 🌈