Sanitize PHP hidden form values

#1 davidjennings (Sep 11th, 2009)
Hi all, I am new to PHP.

Do I need to sanitize hidden data values in a form before carrying out the query on the MySQL db?

If so, can someone assist me with the correct format?

The category_id is an INT and the make is a String.

$category_id = $_POST['category_id'];
$make = $_POST['make'];

Also, do I need to sanitize the query as well?

$result = mysql_query("SELECT * FROM products WHERE products_make ='$make'");

If you require any additional info please let me know.

Thanks in advance

David
#2 cwarn23 (Sep 11th, 2009)
In future please use code tags as this is not your first post. Also the following code should do the trick:

// stripslashes() undoes magic_quotes_gpc (on by default in 2009-era PHP) so the
// value is not escaped twice; mysql_real_escape_string() then escapes it for the
// open mysql_connect() link, which must exist before these calls.
$category_id = mysql_real_escape_string(stripslashes($_POST['category_id']));
$make = mysql_real_escape_string(stripslashes($_POST['make']));
$result = mysql_query("SELECT * FROM products WHERE products_make ='$make'") or die(mysql_error());
// or, filtering on both hidden values
$resultb = mysql_query("SELECT * FROM products WHERE products_make ='$make' AND id ='$category_id'") or die(mysql_error());
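The answer above escapes with the mysql_* extension, which was removed in PHP 7. The following is an added example, not code from the thread, showing the same two hidden values handled with a mysqli prepared statement plus type validation; it assumes the products table from the question (columns products_make and id) and uses placeholder database credentials.

```php
<?php
// Added example (not from the thread). Assumes the thread's products table
// (products_make, id) and a mysqli connection; credentials are placeholders.

// Hidden <input type="hidden"> values arrive in $_POST exactly like visible
// fields and can be edited by the client before submit, so they are untrusted.

/** Validate category_id as a non-negative integer; returns null otherwise. */
function validate_category_id($raw): ?int
{
    // FILTER_VALIDATE_INT rejects "", "12abc", "1 OR 1=1" and similar.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    return $id === false ? null : $id;
}

/** Look up products; $make and $category_id are bound, never spliced into SQL. */
function find_products(mysqli $db, string $make, int $category_id): array
{
    $stmt = $db->prepare(
        'SELECT * FROM products WHERE products_make = ? AND id = ?'
    );
    $stmt->bind_param('si', $make, $category_id); // s = string, i = integer
    $stmt->execute();
    // get_result() needs the mysqlnd driver (default since PHP 5.4).
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// --- request handling ---
$category_id = validate_category_id($_POST['category_id'] ?? '');
$make        = trim((string) ($_POST['make'] ?? ''));

// Reject bad input outright instead of trying to "clean" it.
if ($category_id === null || $make === '' || strlen($make) > 64) {
    http_response_code(400);
    exit('Invalid form values');
}

$db = new mysqli('localhost', 'db_user', 'db_password', 'shop'); // placeholders
$db->set_charset('utf8mb4'); // client charset must match what the driver escapes for
$rows = find_products($db, $make, $category_id);
```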
#3 davidjennings (Sep 11th, 2009)
Hi,

Thanks for the information, it is working fine.

Thanks for the heads up on the code tags rule; in the future I will add them to any further posts.

You mentioned my previous post, which is not resolved. Any ideas for a solution?

Thanks again

David
#4 cwarn23 (Sep 11th, 2009)
Originally Posted by davidjennings: You mentioned my previous post, which is not resolved. Any ideas for a solution?

What's the problem, or is this solved?
#5 davidjennings (Sep 11th, 2009)
Hi,

This thread is solved and I will mark it accordingly.

But do you have time to look at my previous thread?

www.daniweb.co./forums/thread222004.html

Thanks in advance.

David
This thread has been marked solved.
©2003 - 2009 DaniWeb® LLC