> For instance, if a form has <input type="text"> and/or <textarea> inputs,
> how do you treat the results of those inputs to safely insert them into
> the database, to correct for 'single quotes, "double quotes, \slashes,
> etc etc etc.
I had the same problem - what I did to solve was use addslashes() in the
string before I send them to the database. This is working great for all the
user inputs - until now...
> So, in other words, I have a form with some inputs, named perhaps text1
> and text2.
> Then, when they submit the form, I want to insert or update that entry
> with those values, like..
> UPDATE tblStuff SET txtText1='".urlencode($text1)."',
> txtText2='".urlencode($text2)."'";
> or something like that..
UPDATE tblStuff SET txtText1='".addslashes($text1)."',
txtText2='".addslashes($text2)."'";
What do you think?
Rom
--
PHP Windows Mailing List (http://www.php.net/)
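
Added example, not part of the original thread: the addslashes() UPDATE from the reply next to a parameterized version, run against the same constructed input. It assumes the PDO SQLite driver is available; the id column, the function names and the sample values are hypothetical.

```php
<?php
// Added example. Assumes PDO with the SQLite driver; id column and inputs are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tblStuff (id INTEGER PRIMARY KEY, txtText1 TEXT, txtText2 TEXT)');
$db->exec("INSERT INTO tblStuff (id, txtText1, txtText2) VALUES (1, '', '')");

// Constructed form input containing the characters the question asks about.
$text1 = 'It\'s a "quoted" value';
$text2 = 'C:\\php\\php.ini';

// Approach from the thread: escape with addslashes() and concatenate into the SQL.
// addslashes() emits backslash escapes, which only some databases honour.
// SQLite (like SQL Server) escapes a quote by doubling it, so \' still ends the
// string literal, and on such databases backslashes in the data get stored doubled.
function updateWithAddslashes(PDO $db, string $text1, string $text2): bool
{
    $sql = "UPDATE tblStuff SET txtText1='" . addslashes($text1) . "', "
         . "txtText2='" . addslashes($text2) . "' WHERE id=1";
    try {
        $db->exec($sql);
        return true;
    } catch (PDOException $e) {
        echo "addslashes() query failed: ", $e->getMessage(), "\n";
        return false;
    }
}

// Parameterized form: the SQL text is fixed and the values are bound separately,
// so no escaping function is involved and the driver handles quoting rules.
function updateWithParameters(PDO $db, string $text1, string $text2): void
{
    $stmt = $db->prepare(
        'UPDATE tblStuff SET txtText1 = :t1, txtText2 = :t2 WHERE id = :id'
    );
    $stmt->execute([':t1' => $text1, ':t2' => $text2, ':id' => 1]);
}

updateWithAddslashes($db, $text1, $text2);
updateWithParameters($db, $text1, $text2);

// Read the row back and compare byte-for-byte with what the form submitted.
$row = $db->query('SELECT txtText1, txtText2 FROM tblStuff WHERE id = 1')
          ->fetch(PDO::FETCH_ASSOC);
var_dump($row['txtText1'] === $text1, $row['txtText2'] === $text2);
```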