Reply to Re: PHP MySql Forms

Posted by Toby A Inkster on 05/14/07 21:31

shaggynuts24@gmail.com wrote:

> //$query definition
> $query = "INSERT INTO cameras (SN, MAC_Adress, CAM_Type, CAM_Location,
> CAM_Name, RMA_Number, RMA_Description,
> RMA_Req_Date, RMA_Rec_Date, RMA_Ship_Date, RMA_Return_Date, RMA_Cost)
>
> VALUES
> ('$_post[SN]','$_post[MAC_Adress]',
> '$_post[CAM_Type]', '$_post[CAM_Location]', '$_post[CAM_Name]',
> '$_post[RMA_Number]', '$_post[RMA_Description]',
> '$_post[RMA_Req_Date]', '$_post[RMA_Rec_Date]',
> '$_post[RMA_Ship_Date]', '$_post[RMA_Return_Date]',
> '$_post[RMA_Cost]')";

To begin with, variables are case-sensitive in PHP. That is, $_POST and
$_post are two very different things. Here you go:

function escaped_post ($key)
{
	// Field not submitted: insert SQL NULL
	if (!isset($_POST[$key]))
		return 'NULL';

	// Numeric values go into the query unquoted
	if (is_numeric($_POST[$key]))
		return $_POST[$key];

	// Undo magic_quotes_gpc slashes, then escape for MySQL and quote
	$value = $_POST[$key];
	if (get_magic_quotes_gpc())
		$value = stripslashes($value);
	$value = mysql_real_escape_string($value);
	return "'{$value}'";
}

$query = sprintf("INSERT INTO cameras (SN, MAC_Adress, CAM_Type, "
		. "CAM_Location, CAM_Name, RMA_Number, "
		. "RMA_Description, RMA_Req_Date, "
		. "RMA_Rec_Date, RMA_Ship_Date, RMA_Return_Date, "
		. "RMA_Cost) "
		. "VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s);",
	escaped_post('SN'),
	escaped_post('MAC_Adress'),
	escaped_post('CAM_Type'),
	escaped_post('CAM_Location'),
	escaped_post('CAM_Name'),
	escaped_post('RMA_Number'),
	escaped_post('RMA_Description'),
	escaped_post('RMA_Req_Date'),
	escaped_post('RMA_Rec_Date'),
	escaped_post('RMA_Ship_Date'),
	escaped_post('RMA_Return_Date'),
	escaped_post('RMA_Cost'));

--
Toby A Inkster BSc (Hons) ARCS
http://tobyinkster.co.uk/
Geek of ~ HTML/SQL/Perl/PHP/Python/Apache/Linux
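
The same insert written with bound parameters, as an added example that is not part of the post above: every field is bound rather than escaped into the query string, so no numeric special case is needed and a value such as a serial number with leading zeros keeps its text form. It assumes PHP 7.4+ with PDO and the pdo_sqlite driver; the function name insert_camera, the demo schema and the sample form data are made up for illustration.

```php
<?php
// Added example, not from the original thread. Column names are the ones in
// the post's INSERT; the in-memory SQLite database is an assumption so the
// script runs offline. For MySQL, construct PDO with a "mysql:" DSN instead.
const CAMERA_COLUMNS = [
    'SN', 'MAC_Adress', 'CAM_Type', 'CAM_Location', 'CAM_Name',
    'RMA_Number', 'RMA_Description', 'RMA_Req_Date', 'RMA_Rec_Date',
    'RMA_Ship_Date', 'RMA_Return_Date', 'RMA_Cost',
];

function insert_camera(PDO $db, array $post): int
{
    // Identifiers come from the fixed list above, never from the request.
    $sql = sprintf(
        'INSERT INTO cameras (%s) VALUES (:%s)',
        implode(', ', CAMERA_COLUMNS),
        implode(', :', CAMERA_COLUMNS)
    );
    $stmt = $db->prepare($sql);
    foreach (CAMERA_COLUMNS as $col) {
        $value = $post[$col] ?? null;
        if ($value !== null && !is_string($value)) {
            // e.g. SN[]=x arrives as an array; refuse rather than coerce.
            throw new InvalidArgumentException("Field $col must be a string");
        }
        // Missing fields become SQL NULL, as in escaped_post() above.
        $stmt->bindValue(":$col", $value,
            $value === null ? PDO::PARAM_NULL : PDO::PARAM_STR);
    }
    $stmt->execute();
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cameras (id INTEGER PRIMARY KEY, '
    . implode(' TEXT, ', CAMERA_COLUMNS) . ' TEXT)');

// Constructed form data: a quote in a name, and a serial with leading zeros.
$post = ['SN' => '007', 'CAM_Name' => "O'Brien's lobby", 'RMA_Cost' => '12.50'];
$id = insert_camera($db, $post);

// Read the row back to confirm the values were stored unchanged.
$check = $db->prepare('SELECT SN, CAM_Name, CAM_Type FROM cameras WHERE id = ?');
$check->execute([$id]);
var_dump($check->fetch(PDO::FETCH_ASSOC));
```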
