Posted by Geoff Berrow on 05/04/07 12:13

Message-ID: <slrnf3m5ig.p4n.Belial@murphy.redbrick.dcu.ie> from David
Gillen contained the following:

>You can insert the following snippet
>foreach($_POST as $key=>$val)
>{
> $$key = $val;
>}

Never trust user supplied data.
But (for mysql) you could do:
foreach($_POST as $key=>$val)
{
$$key = mysql_real_escape_string($val);
}
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

[Back to original message]