Quote:
Originally Posted by basicwe
Gjbphp, what do you suggest I do in order to format my variables?
|
Use the following function to format the variables for entry to the database.
PHP Code:
mysql_real_escape_string();
You were using:
PHP Code:
if (empty($_POST['title'])) {
echo '<p><font color="red">You need to enter a title.</font></p>';
} else {
$title = $_POST['title'];
}
I would suggest that you use:
PHP Code:
if (empty($_POST['title'])) {
echo '<p><font color="red">You need to enter a title.</font></p>';
} else {
#here is where I changed something
$title = mysql_real_escape_string($_POST['title']);#see here
}
And then do this for each of your variables. Of course, if magic_quotes is enabled on your server, then you can either turn it off, or you can do the following.
PHP Code:
if( get_magic_quotes_gpc() )
{
$title = stripslashes($_POST['title']);
}
else
{
$title = $_POST['title'];
}
#NOW DO#
$title = mysql_real_escape_string($title);
Of course you can turn this into a function so that you don't have to write out all this code each time
For more information visit:
PHP: mysql_real_escape_string - Manual