Hi! I am just starting PHP. I am learning to sanitze my data. I found this exmaple from the web. It displays the sanitized data, but... it does not insert the sanitized data. :( What shouuld I do to make that happen?
<?php
$filters = array(
"firstname" =>array("filter"=>FILTER_VALIDATE_INT, "flags"=>FILTER_FLAG_ARRAY|FILTER_NULL_ON_FAILURE, "options"=>array("min_range"=>0, "max_range"=>100)),
"lastname" => FILTER_SANITIZE_NUMBER_INT,
"email" => FILTER_SANITIZE_EMAIL,
"invoice"=> FILTER_VALIDATE_INT,
"company" => FILTER_SANITIZE_EMAIL,
"arenew" => FILTER_SANITIZE_EMAIL,
"contact" => FILTER_SANITIZE_EMAIL,
"wink" => FILTER_SANITIZE_EMAIL,
"wint" => FILTER_SANITIZE_EMAIL,
"wind" => FILTER_SANITIZE_EMAIL,
"vtype" => FILTER_SANITIZE_EMAIL,
"usera" => FILTER_SANITIZE_EMAIL,
"yeara" => FILTER_SANITIZE_EMAIL,
"sdate" => FILTER_SANITIZE_EMAIL,
"edate" => FILTER_SANITIZE_EMAIL,
"viprek" => FILTER_SANITIZE_EMAIL,
"notes" => FILTER_SANITIZE_EMAIL,
);
/*** apply the filters to the POST array ***/
$filtered = filter_input_array(INPUT_POST, $filters);
/*** echo the filtered array members ***/
echo $filtered['firstname'] .'<br />'. $filtered['lastname'] .'<br />'. $filtered['email'].'<br />';
/*** check for the notset variable ***/
if(filter_has_var(INPUT_POST, "notset") !== false)
{
echo 'Variable is in filter';
}
else
{
var_dump($filtered["notset"]);
}
?>
<?php
include_once 'resources/init.php';
$sql="INSERT INTO Client (firstname, lastname, email, invoice, company, arenew, contact, wink, wint, wind, vtype, usera, yeara, sdate, edate, viprek, notes)
VALUES
('$_POST[firstname]','$_POST[lastname]','$_POST[email]','$_POST[invoice]','$_POST[company]','$_POST[arenew]','$_POST[contact]','$_POST[wink]','$_POST[wint]','$_POST[wind]','$_POST[vtype]','$_POST[usera]','$_POST[yeara]','$_POST[sdate]','$_POST[edate]','$_POST[viprek]','$_POST[notes]')";
if (!mysql_query($sql))
die('Error: ' . mysql_error());
{
echo "<h5>Client Infomation has been Added sucsessfully.</h5>";
}
mysql_close($con)
?>
<a href="index.php">Back To List</a