Web Hosting UK Forums | Linux Windows Dedicated Server and cPanel VPS Hosting Forum - View Single Post

black-dog · #39 (**permalink**) 02-06-09, 07:01 AM

Quote:

Originally Posted by perplexed

Another good news update. I've cleared what could have been a couple of major hurdles without difficulty.

I have a web page form where i can enter 20 new records into the DB containing 5 fields. I had two fears over it.

The first being that when inserting a song name containing a comma could be potentially problematic. I left the 'stripslashes' instruction in from the original script and it works. Too be honest, i'm a little puzzled - it's been many years since i constructed the original scripts and have forgotten so much, but, i would have thought when one inserts into a database one would use the 'addslashes'?. Anyway, it works.

Well yes, that's what the 'escape' part is all about.

Quote:

Originally Posted by perplexed

Secondly, the first (hidden on the web page) field of each entry is a blank '()' to allow the DB to auto-increment the ID number to each new record. Fortunately it has worked fine and didn't trigger any errors.

You don't need a hidden field. In fact I'd actively encourage you to remove it. Just remove it from the insert query. If the field is auto-increment, it will still work

Quote:

Originally Posted by perplexed

Only slight negative was the laborious typing in of extra code with the addition of

PHP Code:


			
$x=mysql_real_escape_string($_POST['x']);

which meant that with twenty form records each containing four fields added 80 extra lines of code. Each one had to be unique as well. I was able to copy and paste most of the liine but it still was time-consuming to enter the relevant tags.

When performing a repetitive task I always think 'loops'. You could have saved a lot of effort by doing:

PHP Code:


			
foreach($_POST as $key=>$value){
$$key=mysql_real_escape_string($value);
}

Quote:

Originally Posted by perplexed

I have one more big test to come and if that is carried out successfully all php problems created by moving from my old site/version are cured.

I have a web page where i can enter search terms and call up one or several records, i can then edit any part of the record/s and update them back to the DB. Maybe, that is where my 'addslashes' has got to lol?.

With mysql_real_escape_string you won't have to. In any case you should only use addslashes in conjunction with get_magic_quotes_gpc() otherwise you end up adding slashes to slashes and get in a real mess.