Hi all, I am new to PHP.
Do I need to sanitize hidden data values in a form before carrying out the query on a MySQL db?
If so, can someone assist me with the correct format?
The category_id is an INT and the make is a String.
$category_id=$_POST;
$make=$_POST;
Also, do I need to sanitize the query as well?
$result = mysql_query("SELECT * FROM products WHERE products_make ='$make'");
If you require any additional info please let me know.
Thanks in advance,
David
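
Added example, not part of David's post: hidden fields arrive as ordinary request data that the client can change, so the INT is validated as an integer and both values are bound as parameters rather than placed in the SQL string. Assumptions: the POST keys `category_id` and `make`, the `category_id` column, and an in-memory SQLite database through PDO so the script runs without a server (the same `prepare`/`execute` calls work with a MySQL DSN; the `mysql_*` functions used in the post were removed in PHP 7).

```php
<?php
// Added example. Assumed names: POST keys 'category_id' and 'make', and the
// products.category_id column. Only products_make comes from the post.

// Constructed stand-in for the database so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, category_id INTEGER, products_make TEXT)');
$pdo->exec("INSERT INTO products (category_id, products_make) VALUES (3, 'Ford'), (3, 'Audi'), (5, 'Ford')");

function find_products(PDO $pdo, array $post): array
{
    // INT field: accept only a positive integer; anything else is rejected.
    $categoryId = filter_var($post['category_id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    // String field: must be a non-empty string of plausible length.
    $make = $post['make'] ?? null;
    if ($categoryId === false || !is_string($make) || $make === '' || strlen($make) > 64) {
        throw new InvalidArgumentException('Invalid form input');
    }
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'SELECT id, category_id, products_make FROM products
         WHERE products_make = :make AND category_id = :category_id'
    );
    $stmt->bindValue(':make', $make, PDO::PARAM_STR);
    $stmt->bindValue(':category_id', $categoryId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed requests: a normal one, and two with tampered hidden fields.
$requests = [
    ['category_id' => '3', 'make' => 'Ford'],
    ['category_id' => '3', 'make' => "Ford' OR '1'='1"],
    ['category_id' => '3 OR 1=1', 'make' => 'Ford'],
];
foreach ($requests as $post) {
    try {
        printf("%d row(s) for %s\n", count(find_products($pdo, $post)), json_encode($post));
    } catch (InvalidArgumentException $e) {
        printf("rejected %s\n", json_encode($post));
    }
}
```

The tampered `make` value passes validation as a string but matches no rows because it is compared as data, while the tampered `category_id` is rejected before any query runs.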