Posted by zach on 08/05/07 03:01
I created a comment form which inserts the comments into a database
and displays them immediately. I want to make sure that it's safe from
users inserting unwanted data into the database or executing queries.
Here's my PHP code, is this done right? Is there anything else I should
do to make it more secure?
$handle = mysql_connect($host,$user,$password) or die ('Sorry, looks like an error occurred.');
$sql = "INSERT INTO comments (id, comment, name, quotekey) VALUES (NULL, '$comment', '$name', '$key')";
mysql_real_escape_string($sql);
mysql_select_db($database);
mysql_query($sql);
mysql_close($handle);
Thanks,
Zach Wingo
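The posted code does not actually protect the query: mysql_real_escape_string() is applied to the whole assembled statement instead of to each user-supplied value, and its return value is thrown away, so the unescaped $sql is what gets executed. The following is an added example, not the poster's code, showing the same insert done with a real prepared statement through PDO. It assumes the same variables as the post ($host, $user, $password, $database, $comment, $name, $key), a `comments` table whose `id` column is auto-increment, and column length limits of 64 and 2000 characters (assumed sizes).

```php
<?php
// Added example (not from the original post): hardened comment insert.
// Assumes $host, $user, $password, $database, $comment, $name, $key as in
// the post, and a `comments` table with an auto-increment `id` column.

// Connect; on failure log the driver message server-side only, since the
// raw message can reveal host and user names to the visitor.
$dsn = "mysql:host=$host;dbname=$database;charset=utf8mb4";
try {
    $pdo = new PDO($dsn, $user, $password, [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        // Server-side prepares: values travel separately from the SQL text.
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
} catch (PDOException $e) {
    error_log('comment insert: DB connect failed: ' . $e->getMessage());
    exit('Sorry, looks like an error occurred.');
}

// Validate before storing. Length caps (assumed column sizes) stop
// oversized input from being silently truncated by the database.
$name    = trim((string)($name ?? ''));
$comment = trim((string)($comment ?? ''));
$key     = (string)($key ?? '');
if ($name === '' || mb_strlen($name) > 64
    || $comment === '' || mb_strlen($comment) > 2000) {
    exit('Please provide a name (max 64 chars) and a comment (max 2000 chars).');
}

// The SQL text is a constant; the placeholders carry the values, so user
// input can never change the structure of the statement.
$stmt = $pdo->prepare(
    'INSERT INTO comments (comment, name, quotekey) VALUES (:comment, :name, :quotekey)'
);
$stmt->execute([
    ':comment'  => $comment,
    ':name'     => $name,
    ':quotekey' => $key,
]);

// Escape on output too: storing raw text is correct, but echoing it back
// into the page unescaped is the stored-XSS half of the same problem.
echo '<p><b>' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '</b>: '
   . nl2br(htmlspecialchars($comment, ENT_QUOTES, 'UTF-8')) . '</p>';
```

If the code has to stay on the legacy mysql_* functions, the minimum fix is to escape each value separately after connecting and to use the returned string, e.g. `$comment = mysql_real_escape_string($comment);` before building $sql; escaping the finished statement, as in the post, escapes the quotes that delimit the values and leaves the values themselves untouched.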