
mysql_real_escape_string


eMonk


$update = "UPDATE model SET name = '$name', age = '$age', height = '" . mysql_real_escape_string($height) . "', hair = '$hair', bust = '$bust', waist = '$waist', hips = '$hips' ......... WHERE id = '$id' ";
$rsUpdate = mysql_query($update);

 

After reading the manual at php.net on this function, I should be inserting the mysql_real_escape_string for each variable, correct? Right now I just have it for $height. The reason I'm asking is because I have 28 columns in this table and want to make sure I'm using this function properly as it seems like a tedious process and messy code.


When you are processing a SET of related data, you would generally use an array to store that data so that you could apply a common function to all of it at once. Assuming these values are coming from a form, you could also make an array of the form field names and then use that array to iterate over all the fields to apply a common function to them.

 

What is your actual code leading up to that point and where is this data coming from?

 

And even though you are using a mysql function in your code, your question is actually a php coding question, so moving this thread to the php coding forum section...

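The array-driven approach described in the reply above, as an added example that is not part of the original thread. It goes one step further than the reply and binds the values as prepared-statement parameters through PDO instead of calling mysql_real_escape_string on each one (the mysql_* extension was removed in PHP 7.0); the in-memory SQLite table, the sample $_POST values and the helper names collect_fields and update_model are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. Assumes PDO with the sqlite driver
// so it runs without a database server; with MySQL only the DSN changes.

// Whitelist of form fields that are also column names (a subset of the 28).
$fields = ['name', 'age', 'height', 'hair', 'bust', 'waist', 'hips'];

// Apply the common function (trim) to every listed field in one pass.
// Keys that are not on the whitelist are ignored, so a request cannot add columns.
function collect_fields(array $fields, array $post): array
{
    $clean = [];
    foreach ($fields as $f) {
        $clean[$f] = isset($post[$f]) && is_string($post[$f]) ? trim($post[$f]) : '';
    }
    return $clean;
}

// Build "UPDATE model SET name = :name, ... WHERE id = :id" from the same list.
// Column names come only from $fields; values travel as bound parameters.
function update_model(PDO $db, array $fields, array $post, int $id): int
{
    $values = collect_fields($fields, $post);
    $set = implode(', ', array_map(fn($f) => "$f = :$f", $fields));
    $stmt = $db->prepare("UPDATE model SET $set WHERE id = :id");
    $values['id'] = $id;
    $stmt->execute($values);
    return $stmt->rowCount();
}

// Constructed demo data; name and height contain quotes on purpose, and
// is_admin stands in for a field the form never defined.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE model (id INTEGER PRIMARY KEY, name TEXT, age TEXT,
           height TEXT, hair TEXT, bust TEXT, waist TEXT, hips TEXT)');
$db->exec('INSERT INTO model (id) VALUES (1)');

$post = ['name' => " O'Neil ", 'age' => '27', 'height' => "5'9\"", 'hair' => 'brown',
         'bust' => '34', 'waist' => '26', 'hips' => '36', 'is_admin' => '1'];

echo update_model($db, $fields, $post, 1), " row updated\n";
print_r($db->query('SELECT * FROM model WHERE id = 1')->fetch(PDO::FETCH_ASSOC));
```

Adding a column then means adding one entry to $fields; the query text and the parameter list both follow from it.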

I'm playing around with the short variable names now but it doesn't appear to be working ($height returns as NULL).

 

$name = trim($_POST['name']);
$age = trim($_POST['age']);
$height = mysql_real_escape_string(trim($_POST['height']));
$hair = trim($_POST['hair']);
$bust = trim($_POST['bust']);
$waist = trim($_POST['waist']);
$hips = trim($_POST['hips']);

$query = "INSERT INTO model VALUES
  ('', '$name', $age, height = '$height', '$hair', '$bust', '$waist', '$hips', .........)";
$results = mysql_query($query);


It's working now...

 

Adding mysql_real_escape_string in the short variable names is cleaner IMO which makes it easier to read.

 

I'm not sure what you mean by using an array for the form field names but I'll read this chapter again in my book tonight.

 

Thanks again PFMaBiSmAd!
