son, posted September 3, 2013:

Have a form that is used to update, create or delete entries in db. All form fields sticky, but instead of echoing post data I echo values from variables. If update/delete, form displays current db values in form field; if new entry, they are empty to start off with, but will be sticky for those submissions where the field entries are filled out okay whilst others are not. My issue now is that upon db submission I use:

$idesc = escape_data($_POST['idesc']);

which now causes the text to be escaped when there is an issue with another form field, which is not what I want. What would be best? To move all escape_data bits till after the check that all form fields are filled out okay? Or is there a better alternative?

Son

Ingolme, posted September 3, 2013:

Escape the data just before using it in the database query. If you use prepared statements, escaping the data won't be needed at all.

son, posted September 5, 2013:

What do you mean by "prepared statements"? Am not sure what this is...

Son

thescientist, posted September 5, 2013:

https://www.google.com/#q=prepared+statements+php&safe=off

son, posted September 10, 2013:

Thanks:-)

Son
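
Added example, not part of the thread and not any poster's code: the flow Ingolme describes, with raw values kept for the sticky form, validation done first, and a PDO prepared statement used for the write so no escape_data() call is needed. The items table, the ititle field and the in-memory SQLite database are assumptions made so the script runs on its own; only idesc comes from the thread.

```php
<?php
// Added example. Table/column names other than "idesc" are hypothetical.

function handle_submission(PDO $db, array $post): array
{
    // Keep the raw values: these are what the sticky form redisplays.
    $values = [
        'ititle' => trim($post['ititle'] ?? ''),   // hypothetical second field
        'idesc'  => trim($post['idesc'] ?? ''),
    ];

    // Validate before touching the database.
    $errors = [];
    foreach ($values as $name => $value) {
        if ($value === '') {
            $errors[$name] = 'Required';
        }
    }

    if (!$errors) {
        // Placeholders send the data separately from the SQL text,
        // so the values are bound unmodified and nothing is escaped by hand.
        $stmt = $db->prepare('INSERT INTO items (ititle, idesc) VALUES (:ititle, :idesc)');
        $stmt->execute([':ititle' => $values['ititle'], ':idesc' => $values['idesc']]);
    }

    return [$values, $errors];
}

// HTML output encoding for the sticky field is a separate step from SQL handling.
function sticky(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, ititle TEXT, idesc TEXT)');

// Constructed submission: title missing, description contains quotes.
[$values, $errors] = handle_submission($db, ['ititle' => '', 'idesc' => "Son's \"best\" item"]);
// The redisplayed field is HTML-encoded only; no SQL escaping has been applied to it.
echo '<textarea name="idesc">' . sticky($values['idesc']) . "</textarea>\n";

// Constructed resubmission with the title filled in: the row is stored as typed.
[$values, $errors] = handle_submission($db, ['ititle' => 'Demo', 'idesc' => "Son's \"best\" item"]);
echo $db->query('SELECT idesc FROM items')->fetchColumn(), "\n";
```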