Seeking assistance with Escaping Data for MySQL queries

Posted by JM4 on Stack Overflow See other posts from Stack Overflow or by JM4
Published on 2010-05-24T14:58:20Z Indexed on 2010/05/24 15:01 UTC
Read the original article Hit count: 160

Filed under:
|
|

Please don't send me a link to php.net referencing mysql_real_escape_string as the only response. I have read through the page and while I understand the general concepts, I am having some trouble based on how my INSERT statement is currently built.

Today, I am using the following:

$sql = "INSERT INTO tablename VALUES ('', '$_SESSION['Member1FirstName'], '$_SESSION['Member1LastName'], '$_SESSION['Member1ID'], '$_SESSION['Member2FirstName'], '$_SESSION['Member2LastName'], '$_SESSION['Member2ID'] ....

and the list goes on for 20+ members with some other values entered. It seems most people in the examples already have all their data stored in an array.

On my site, I accept form inputs, action="" is set to self, php validation takes place and if validation passes, data is stored into SESSION variables on page 2 then redirected to the next page in the process (page 3) (approximately 8-10 pages in the whole process).

thanks!

© Stack Overflow or respective owner

Related posts about php

Related posts about mysql