Jump to content

mysql_escape_string


astralaaron
 Share

Recommended Posts

is it a good idea to ALWAYS use mysql_escape_string? or is it mysql_real_escape_string?? i cannot rememberhere in this code it is posting a new topic on my forum - should all of those $_post['']; variables have the mysql_escape_string when I INSERT theM??

<?phpinclude('safe.php');// Connect to server and select database.mysql_connect("localhost", "root", "*********")or die("cannot connect"); mysql_select_db("vikingbjj")or die("cannot select DB");// get data that sent from form $topic=safe($_POST['topic']);$detail=safe($_POST['detail']);$name=$_POST['name'];$email=$_POST['email'];$main = ($_GET[main]);if ($main < 1)  $main = 1;$datetime=date("d/m/y h:i:s"); //create date time$sql="INSERT INTO instructor_question(topic, detail, name, email, datetime)VALUES('$topic', '$detail', '$name', '$email', '$datetime')";$result=mysql_query($sql);if($result){$query = "UPDATE members  SET posts = posts + 1 WHERE user = '$name'";mysql_query( $query )or die("cannot update");header("location:http://localhost/vikingbjj/private/instructors.php?main=$main");}else {echo "ERROR";}mysql_close();?>

Link to comment
Share on other sites

It depends if the data is text or numeric. For text data you want to use mysql_real_escape_string, for numeric data you want to cast it as a number using either intval or floatval, depending if the number should be an integer or a float.

Link to comment
Share on other sites

It depends if the data is text or numeric. For text data you want to use mysql_real_escape_string, for numeric data you want to cast it as a number using either intval or floatval, depending if the number should be an integer or a float.
but you should ALWAYS do this when entering anything into DB from a $_POST or $_GET, correct?by the way can you explain a float to me please?
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...