Sep 11th, 2009

Sanitize PHP hidden form values

Hi all, I am new to PHP.

Do I need to sanitize hidden data values in a form before carrying out the query on the MySQL db?

If so, can someone assist me with the correct format?


The category_id is an INT and the make is a String.

$category_id=$_POST['category_id'];
$make=$_POST['make'];

Also, do I need to sanitize the query as well?

$result = mysql_query("SELECT * FROM products WHERE products_make ='$make'");

If you require any additional info please let me know.

Thanks in advance

David
Last edited by davidjennings; Sep 11th, 2009 at 6:22 am.
Sep 11th, 2009

Re: Sanitize PHP hidden form values

In future please use code tags as this is not your first post. Also the following code should do the trick:

// stripslashes() undoes magic_quotes_gpc escaping; mysql_real_escape_string() then escapes the value for MySQL
$category_id = mysql_real_escape_string(stripslashes($_POST['category_id']));
$make = mysql_real_escape_string(stripslashes($_POST['make']));
$result = mysql_query("SELECT * FROM products WHERE products_make ='$make'") or die(mysql_error());
// or, filtering on the category as well
$resultb = mysql_query("SELECT * FROM products WHERE products_make ='$make' AND id ='$category_id'") or die(mysql_error());

cwarn23
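
A parameterized alternative to the escaping shown in the answer above, as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database standing in for the thread's MySQL server; the find_products() helper, the table rows and the POST values are constructed for illustration.

```php
<?php
// Added example. Assumptions: PDO with an in-memory SQLite database stands in
// for the thread's MySQL server; the rows and POST values below are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (id INTEGER, products_make TEXT, name TEXT)');
$pdo->exec("INSERT INTO products VALUES (1, 'Ford', 'Focus'), (1, 'Ford', 'Fiesta'), (2, 'Audi', 'A4')");

// Hypothetical helper: look up products from the two hidden form fields.
function find_products(PDO $pdo, array $post): array
{
    // A hidden field is still client-controlled, so enforce the expected type.
    $categoryId = filter_var($post['category_id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    $make = $post['make'] ?? null;
    if ($categoryId === false || !is_string($make) || $make === '' || strlen($make) > 64) {
        throw new InvalidArgumentException('Invalid form input');
    }
    // Placeholders keep the submitted values out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'SELECT name FROM products WHERE products_make = :make AND id = :id');
    $stmt->bindValue(':make', $make, PDO::PARAM_STR);
    $stmt->bindValue(':id', $categoryId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: one honest submission and two with edited hidden fields.
$cases = [
    'honest'        => ['category_id' => '1', 'make' => 'Ford'],
    'tampered make' => ['category_id' => '1', 'make' => "Ford' OR '1'='1"],
    'tampered id'   => ['category_id' => '1 OR 1=1', 'make' => 'Ford'],
];
foreach ($cases as $label => $post) {
    try {
        $names = find_products($pdo, $post);
        printf("%-14s %d row(s): %s\n", $label, count($names), implode(', ', $names));
    } catch (InvalidArgumentException $e) {
        printf("%-14s rejected: %s\n", $label, $e->getMessage());
    }
}
```

The tampered make value is compared as a literal string and matches no rows, and the non-integer category_id is rejected before any query runs.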
Sep 11th, 2009

Re: Sanitize PHP hidden form values

Hi
Thanks for the information
working fine

Thanks for the heads up on the [code] rule, and in the future I will add it to any further posts.

You mentioned my previous post which is not resolved, any ideas for a solution?

Thanks again

David


Sep 11th, 2009

Re: Sanitize PHP hidden form values

> You mentioned my previous post which is not resolved, any ideas for a solution?
What's the problem or is this solved?
cwarn23
Sep 11th, 2009

Re: Sanitize PHP hidden form values

Hi
This thread is solved and I will mark it accordingly.

But do you have time to look at my previous thread?

www.daniweb.co./forums/thread222004.html

Thanks in advance.

David