> Anyone have a link or links to how to definitively make safe inserts to
> databases with form information?

It's a good idea to validate all data you're sticking in before you do.
For example, if you have a numeric field, you don't want the person to
be able to submit letters in that field.  So, always check that the data
is formatted the way you want it to be before sending it to the
database.

I usually use preg_replace() to remove undesirable characters.

If you want text to go into a field and want people to be able to have 
quotes and other such items in there, then use addslashes().

--Dan

-- 
               PHP classes that make web design easier
        SQL Solution  |   Layout Solution   |  Form Solution
    sqlsolution.info  | layoutsolution.info |  formsolution.info
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7 Av #4AJ, Brooklyn NY     v: 718-854-0335     f: 718-854-0409
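
An added example, not part of the message above or of any code from the list: the format checks and preg_replace() cleanup the reply describes, followed by the insert itself. It swaps PDO bound parameters in for the addslashes() step; the orders table, field names and limits are assumptions, and it needs the pdo_sqlite extension.

```php
<?php
// Added example: table and field names are hypothetical; needs pdo_sqlite.

// Check each field's format before it goes near the database; returns [row, errors].
function validate_form(array $in): array
{
    $errors = [];
    // Numeric field: letters or out-of-range values are rejected, not repaired.
    $qty = filter_var($in['quantity'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 1000]]);
    if ($qty === false) {
        $errors[] = 'quantity must be a whole number from 1 to 1000';
    }

    // Restricted field: preg_replace() removes undesirable characters.
    $sku = preg_replace('/[^A-Za-z0-9_-]/', '', (string) ($in['sku'] ?? ''));
    if ($sku === '') {
        $errors[] = 'sku is required';
    }

    // Free text: quotes and similar characters are allowed and stored as typed.
    $note = trim((string) ($in['note'] ?? ''));

    return [[':sku' => $sku, ':quantity' => $qty, ':note' => $note], $errors];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (sku TEXT, quantity INTEGER, note TEXT)');
// Values travel separately from the SQL text, so quotes need no escaping.
$insert = $db->prepare(
    'INSERT INTO orders (sku, quantity, note) VALUES (:sku, :quantity, :note)');

// Constructed sample submissions.
$forms = [
    ['sku' => ' AB-12 ', 'quantity' => '3', 'note' => 'It\'s a "rush" order'],
    ['sku' => 'AB-12', 'quantity' => '3 dozen', 'note' => 'call first'],
];
foreach ($forms as $form) {
    [$row, $errors] = validate_form($form);
    if ($errors) {
        echo 'rejected: ', implode('; ', $errors), "\n";
        continue;
    }
    $insert->execute($row);
}
foreach ($db->query('SELECT sku, quantity, note FROM orders') as $r) {
    echo "{$r['sku']} | {$r['quantity']} | {$r['note']}\n";
}
```

The first submission is stored with its quotes intact; the second is rejected because the numeric field contains letters.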

-- 
PHP General Mailing List (http://www.php.net/)