|
Posted by Jim Michaels on 02/17/06 10:23
<barbarowa@yahoo.com> wrote in message
news:imoeu110k4s4mopdc8kk0jrm4g5tlacr34@4ax.com...
>I think I need to clarify what my objective is. Despite the code that
> I posted which my attempt to test what is actually getting passed to
> the program from the drop down menu selection, what I REALLY want is
> to know HOW to pass the variable the correct way and then how to use
> it in a MySQL INSERT statement. I tried the code you provided and
> this is what is shown: $_POST: Array ( )
once you've validated $_POST['id'],
mysql_query("INSERT INTO sometable(somecolumn,anothercolumn)
VALUES ('somestring','" .
str_replace(";","",mysqlreal_escape_string($_POST['id'])) . "')");
the functions should prevent SQL INJECTION. you can eliminate somecolumn
and somestring - i just put it in for completentess of example. your string
data should be enclosed in quotes. if it is numeric data, then don't
surround it with quotes.
>
> I know an array is what I'm up against, what I don't know is how to
> deal with it. Does this help clear up what I am looking for?
>
>
>
> On Mon, 06 Feb 2006 10:09:43 +0100, Iv�n S�nchez Ortega
> <i.punto.sanchez--@rroba--mirame.punto.net> wrote:
>
>>-----BEGIN PGP SIGNED MESSAGE-----
>>Hash: SHA1
>>
>>barbarowa@yahoo.com wrote:
>>
>>>>And why exactly are you mixing $_POST and $HTTP_POST_VARS?
>>>
>>> Just hoping to see what variable values are being passed.
>>
>>Then use something like:
>>
>><?php
>>
>>if (isset($_POST))
>>{
>> echo '$_POST: '; print_r($_POST); exit;
>>}
>>else if (isset($HTTP_POST_VARS))
>>{
>> echo '$HTTP_POST_VARS: '; print_r($HTTP_POST_VARS); exit;
>>}
>>
>>?>
>>
>>Think about:
>>- - What if $_POST gets a value but $HTTP_POST_VARS does not? (and the
>>other
>>way round)
>>- - What if $_POST['testform'] gets a value of 0, oran empty string, that
>>will
>>evaluate as false?
>
Navigation:
[Reply to this message]
|