I am learning PHP, and am developing an address book on my website that will put info into a database I am storing on my VPS. However, I am struggling to understand the use of magic quotes as a security measure and wondered if anyone had a good suggestion for a clear, concise tutorial on this?
I have included the forms I am using to submit the info as well as the section I am using to send it to my database. I suspect that making the changes I need is simpler than it appears in the current tutorial I am using... I have my form split into two pages. Please understand, I'm not asking anyone to fix the code so that it has the magic quotes safety on it - I'm asking for information on how to learn to do it myself. If however you would enjoy filling in my missing pieces, please feel free to show me!
Thank you guys!
//This is the form I currently have to submit the information. It gets transferred to another page that then submits it to the database.
<form action="insert.php" method="post">
First Name: <input type="text" name="FirstName">
Last Name: <input type="text" name="LastName">
<br>
Email Address: <input type="text" name="EmailAddress">
<br>
<input type="submit">
</form>
//This is what I am using to submit the data to the database.
$db_handle = mysql_connect($server, $user_name, $password);
$db_found = mysql_select_db($database, $db_handle);
if ($db_found) {
    $sql="INSERT INTO contacts
    VALUES
    ('$_POST[FirstName]','$_POST[LastName]','$_POST[EmailAddress]','$_POST[PhoneNumber]')";
    if (!mysql_query($sql,$db_handle))
    {
        die('Error: ' . mysql_error());
    }
    echo "1 record added";
    mysql_close( $db_handle );
}
else {
    print "Database NOT Found " . $db_handle;
    mysql_close($db_handle);
}
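
Added example, not part of the original post: the same insert done with bound parameters through PDO instead of relying on magic quotes, which PHP removed in version 5.4. An in-memory SQLite database stands in for the poster's MySQL server so the script runs offline; the `add_contact` helper, the table layout and the sample input are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// SQLite in memory stands in for the MySQL server (assumption, so this runs offline).
// For MySQL: new PDO("mysql:host=$server;dbname=$database;charset=utf8mb4", $user_name, $password)
// and also set PDO::ATTR_EMULATE_PREPARES to false.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE contacts
            (FirstName TEXT, LastName TEXT, EmailAddress TEXT, PhoneNumber TEXT)');

// Hypothetical helper: validates the four form fields, then inserts them
// through a prepared statement. Returns false when the input is rejected.
function add_contact(PDO $pdo, array $post): bool
{
    $row = [];
    foreach (['FirstName', 'LastName', 'EmailAddress', 'PhoneNumber'] as $field) {
        $value = $post[$field] ?? '';          // the posted form has no PhoneNumber input
        if (!is_string($value) || strlen($value) > 255) {
            return false;                      // arrays (name="x[]") or oversized input
        }
        $row[$field] = trim($value);
    }
    if (filter_var($row['EmailAddress'], FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // Placeholders keep data out of the SQL text, so quotes need no escaping.
    $stmt = $pdo->prepare(
        'INSERT INTO contacts (FirstName, LastName, EmailAddress, PhoneNumber)
         VALUES (:FirstName, :LastName, :EmailAddress, :PhoneNumber)'
    );
    return $stmt->execute($row);
}

// Constructed input standing in for $_POST.
$samples = [
    ['FirstName' => 'Pat', 'LastName' => "O'Brien", 'EmailAddress' => 'pat@example.com'],
    ['FirstName' => 'No', 'LastName' => 'Email', 'EmailAddress' => 'not-an-address'],
];
foreach ($samples as $post) {
    echo add_contact($pdo, $post) ? "1 record added\n" : "input rejected\n";
}
// Stored values come back exactly as typed, with no added backslashes.
foreach ($pdo->query('SELECT FirstName, LastName FROM contacts') as $r) {
    echo $r['FirstName'], ' ', $r['LastName'], "\n";
}
```

When the stored values are later printed into an HTML page, pass them through `htmlspecialchars()` at output time; that is a separate step from how they are written to the database.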