How do I escape a string that includes a lot of ' and "?
Here is part of my SQL insert query:
VALUES
('','$_POST[FileID]','$_POST[FileAddress]','$_POST[Name]','$_POST[Requirements]','$_POST[DateAdded]','$_POST[Size]','$_POST[Changes]')";
OK, it's better if you assign a variable to each $_POST and use the variable in the insert query, like so.
//example
$FileID = $_POST['FileID'];
$FileAddress = $_POST['FileAddress'];
$Name = $_POST['Name'];
$Requirements = $_POST['Requirements'];
$DateAdded = $_POST['DateAdded'];
$Size = $_POST['Size'];
$Changes = $_POST['Changes'];
VALUES
('$FileID', '$FileAddress', '$Name', '$Requirements', '$DateAdded', '$Size', '$Changes')";
You could also cleanse the complete post array:
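<?php
// Escape every posted value and store the escaped result back in the array
// (mysql_real_escape_string() returns the escaped string; it does not modify its argument)
foreach ($_POST as $key => $value) {
    $_POST[$key] = mysql_real_escape_string($value);
}
// Import the escaped values as variables ($FileID, $Name, ...)
@extract($_POST);
//now do specific cleansing and insert query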
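A prepared statement keeps the posted values out of the SQL text entirely, so ' and " need no escaping at all. This is an added example, not code from any poster in this thread; the `files` table, its column types, the in-memory SQLite database and the sample input are assumptions made so it runs stand-alone.

```php
<?php
// Added example. The "files" table and the in-memory SQLite DSN are
// assumptions so the script runs offline; for MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE files (
    FileID INTEGER, FileAddress TEXT, Name TEXT, Requirements TEXT,
    DateAdded TEXT, Size INTEGER, Changes TEXT)');

// Constructed sample standing in for $_POST: many ' and " characters,
// an injection-shaped value, and one field the form never defined.
$post = [
    'FileID'       => '42',
    'FileAddress'  => 'files/o\'brien "final".zip',
    'Name'         => 'O\'Brien\'s "Tool"',
    'Requirements' => 'PHP >= 5.1 with "pdo" enabled',
    'DateAdded'    => '2010-05-01',
    'Size'         => '1024',
    'Changes'      => "x'); DROP TABLE files; --",
    'Unexpected'   => 'ignored because it is not in the allow-list',
];

// Fixed allow-list of expected fields. Column names come only from this
// list, never from the request, and no extract() is needed.
$fields = ['FileID', 'FileAddress', 'Name', 'Requirements',
           'DateAdded', 'Size', 'Changes'];

function insertFile(PDO $pdo, array $fields, array $input): void
{
    $row = [];
    foreach ($fields as $f) {
        // A request can send arrays (Name[]=...), so insist on strings.
        if (!isset($input[$f]) || !is_string($input[$f])) {
            throw new InvalidArgumentException("Missing or non-string field: $f");
        }
        $row[":$f"] = $input[$f];
    }
    // Validation is a separate concern from quoting: numeric fields stay numeric.
    if (!ctype_digit($row[':FileID']) || !ctype_digit($row[':Size'])) {
        throw new InvalidArgumentException('FileID and Size must be digits');
    }
    $sql = 'INSERT INTO files (' . implode(', ', $fields) . ') '
         . 'VALUES (:' . implode(', :', $fields) . ')';
    $pdo->prepare($sql)->execute($row); // values travel as bound parameters
}

insertFile($pdo, $fields, $post);
$stored = $pdo->query('SELECT Name, Changes FROM files')->fetch(PDO::FETCH_ASSOC);
var_dump($stored['Name'] === $post['Name'], $stored['Changes'] === $post['Changes']);
```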