I have a security question. Is it safe enough to do:

$fname = mysql_real_escape_string(htmlentities($_POST['fname']));
$lname = .....($_POST['lname']));

and insert it into the table like:

mysql_query("INSERT INTO North_America 
(first_name, middle_name, last_name, email, phone, country) VALUES('$fname', '$mname', '$lname', '$email', '$phone', '$country') ") 
or die(mysql_error());

Or do I need more validating?

For some reason I did not see the top of your post regarding mysql_real_escape_string.

This was fine in the days of ASCII, but the tubes are hardly ASCII anymore, with Unicode, UTF-16, I have 1,112,064 code points, they are not even called characters anymore, because they really aren't. And if you are familiar with best-fit mapping, you would know that there are now dozens of characters that can represent any single symbol in ASCII, meaning that using the above type of blocking mechanisms is silly and technically insecure.
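
An added example, not part of any post in this thread: the same INSERT written with bound parameters, so the values never become part of the SQL text, and with HTML encoding applied when the data is displayed rather than before it is stored. It assumes PDO with the SQLite and mbstring extensions; the helper names `clean_input`, `insert_contact` and `h` and the sample data are made up for the illustration.

```php
<?php
// Constructed demo on in-memory SQLite so it runs offline. For MySQL use e.g.
//   new PDO('mysql:host=HOST;dbname=DB;charset=utf8mb4', USER, PASS)
// with PDO::ATTR_EMULATE_PREPARES => false (HOST/DB/USER/PASS are placeholders).
$pdo = new PDO('sqlite::memory:', null, null,
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE North_America (first_name TEXT, middle_name TEXT,
    last_name TEXT, email TEXT, phone TEXT, country TEXT)');

const FIELDS = ['fname', 'mname', 'lname', 'email', 'phone', 'country'];

// Validate shape and encoding only; do NOT escape or HTML-encode here.
function clean_input(array $post): array {
    $row = [];
    foreach (FIELDS as $f) {
        $v = $post[$f] ?? '';
        // Reject arrays and byte sequences that are not valid UTF-8.
        if (!is_string($v) || !mb_check_encoding($v, 'UTF-8')) {
            throw new InvalidArgumentException("bad encoding in $f");
        }
        $row[$f] = trim($v);
    }
    if (filter_var($row['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email');
    }
    return $row;
}

function insert_contact(PDO $pdo, array $row): void {
    // Values travel as bound parameters, never as part of the SQL string.
    $stmt = $pdo->prepare('INSERT INTO North_America
        (first_name, middle_name, last_name, email, phone, country)
        VALUES (:fname, :mname, :lname, :email, :phone, :country)');
    $stmt->execute($row);
}

// HTML-encode at output time, and only for the HTML context.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample standing in for $_POST.
$post = ['fname' => 'Anne-Marie', 'mname' => '', 'lname' => "O'Brien <b>",
    'email' => 'am@example.com', 'phone' => '555-0100', 'country' => 'CA'];
insert_contact($pdo, clean_input($post));
foreach ($pdo->query('SELECT first_name, last_name FROM North_America') as $r) {
    echo h($r['first_name']), ' ', h($r['last_name']), PHP_EOL;
}
```

The row is stored exactly as submitted (quote and angle brackets intact), and the markup is neutralized only when it is echoed into a page.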

