Seeking assistance with Escaping Data for MySQL queries
Posted
by JM4
on Stack Overflow
See other posts from Stack Overflow
or by JM4
Published on 2010-05-24T14:58:20Z
Indexed on
2010/05/24
15:01 UTC
Read the original article
Hit count: 160
Please don't send me a link to php.net referencing mysql_real_escape_string as the only response. I have read through the page and while I understand the general concepts, I am having some trouble based on how my INSERT statement is currently built.
Today, I am using the following:
$sql = "INSERT INTO tablename VALUES ('', '$_SESSION['Member1FirstName'], '$_SESSION['Member1LastName'], '$_SESSION['Member1ID'], '$_SESSION['Member2FirstName'], '$_SESSION['Member2LastName'], '$_SESSION['Member2ID'] ....
and the list goes on for 20+ members with some other values entered. It seems most people in the examples already have all their data stored in an array.
On my site, I accept form inputs, action="" is set to self, php validation takes place and if validation passes, data is stored into SESSION variables on page 2 then redirected to the next page in the process (page 3) (approximately 8-10 pages in the whole process).
thanks!
© Stack Overflow or respective owner