I certainly agree with that Micah. array_pop only removes that last
item. If you are in a an open environment you definitely want to
include security checks and form validation.
-mike
On Aug 22, 2005, at 4:07 PM, Micah Stevens wrote:
This is tenuous and insecure, you have no control over t
This is tenuous and insecure, you have no control over the $_POST array, only
the submitting page does, I'd do a sanity check, and assign the values needed
into another array before submitting to the database.
This is also primed for a SQL injection attack.
Bad idea.. IMHO..
-Micah
On Mond
Thanks mike! that did the trick. This works:
array_pop($_POST);
/* this gets rid of the last element of $_POST which is 'addentry' from
the form's submit button. $_POST now containes ONLY the values expected by
pg_insert. By the way, the order of the values in $_POST does not seem to
matter, o
Or if you need to store all the values, you could normalize the table field
into another table.
-Micah
On Monday 22 August 2005 3:19 pm, Bastien Koert wrote:
> To further append the previous note,
>
> if you want to insert the array, you need to serialize it
> (www.php.net/serialize) to make t
To further append the previous note,
if you want to insert the array, you need to serialize it
(www.php.net/serialize) to make the array db safe
if you want to insert the individual specific values, you will need to
implode the array with separators (and check the data in the correct order
f
Being a tyro, I'm sure I'm missing something obvious about handling the
array $_POST. I hope wiser heads can point me in the right direction.
This fails:
\n";
} else {
print pg_last_error ($db);
exit;
}
$res = pg_insert($db, 'vracore', $_POST);
if ($res) {
echo "You're a Genius";
}
