
Hi all, I am new to PHP

Do I need to sanitize hidden data values in a form before carrying out the query on the MySQL db?

If so, can someone assist me with the correct format?


The category_id is an INT and the make is a String.

$category_id = $_POST['category_id'];
$make = $_POST['make'];

Also, do I need to sanitize the query too?

$result = mysql_query("SELECT * FROM products WHERE products_make ='$make'");

If you require any additional info please let me know.

Thanks in advance

David


In future please use code tags as this is not your first post. Also the following code should do the trick:

$category_id=mysql_real_escape_string(stripslashes($_POST['category_id']));
$make=mysql_real_escape_string(stripslashes($_POST['make']));
$result = mysql_query("SELECT * FROM products WHERE products_make ='$make'") or die(mysql_error());
//or
$resultb = mysql_query("SELECT * FROM products WHERE products_make ='$make' AND id ='$category_id'") or die(mysql_error());
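As an added example (not code from the thread), here is the same lookup written with PDO prepared statements, which keep the values out of the SQL text so nothing needs escaping, and which validate category_id as an integer because a hidden field is just as editable by the client as a visible one. It assumes a products table with id, products_make and name columns and uses an in-memory SQLite database with constructed rows so it runs stand-alone; for MySQL only the DSN and credentials change.

```php
<?php
// Added example, not from the thread. Same query pattern as the reply above,
// but with placeholders instead of escaping. SQLite in memory is used only so
// the script runs without a server; the PDO calls are identical for MySQL.
declare(strict_types=1);

function connect(): PDO {
    // MySQL equivalent (assumed credentials):
    // new PDO('mysql:host=localhost;dbname=shop;charset=utf8mb4', $user, $pass, $opts)
    $db = new PDO('sqlite::memory:', null, null, [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
    ]);
    // Constructed sample rows standing in for the poster's products table.
    $db->exec('CREATE TABLE products (id INTEGER, products_make TEXT, name TEXT)');
    $db->exec("INSERT INTO products VALUES (1, 'Ford', 'Focus'), (1, 'O''Brien', 'Custom'), (2, 'Ford', 'Transit')");
    return $db;
}

// $post is the $_POST array. category_id must parse as an integer; make is a
// bounded string (the 64-char cap is an assumption for this example).
function findProducts(PDO $db, array $post): array {
    $categoryId = filter_var($post['category_id'] ?? '', FILTER_VALIDATE_INT);
    $make       = (string) ($post['make'] ?? '');
    if ($categoryId === false || $make === '' || strlen($make) > 64) {
        throw new InvalidArgumentException('invalid category_id or make');
    }
    // Values are bound, never concatenated, so quotes inside $make are data.
    $stmt = $db->prepare('SELECT name FROM products WHERE products_make = :make AND id = :cid');
    $stmt->bindValue(':make', $make, PDO::PARAM_STR);
    $stmt->bindValue(':cid', $categoryId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = connect();
// Constructed stand-ins for $_POST.
print_r(findProducts($db, ['category_id' => '1', 'make' => 'Ford']));
// An apostrophe in a legitimate value needs no special handling.
print_r(findProducts($db, ['category_id' => '1', 'make' => "O'Brien"]));
// A hidden field that is not an integer is rejected before any SQL runs.
try {
    findProducts($db, ['category_id' => 'abc', 'make' => 'Ford']);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

mysql_real_escape_string only protects a value that sits inside quotes in the SQL text, which is why the reply above wraps '$category_id' in single quotes even though the column is an INT; binding with PDO::PARAM_INT makes that typing explicit instead. The mysql_* functions used in the thread were removed in PHP 7, so new code should use PDO or mysqli prepared statements.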

Hi,
Thanks for the information, it is working fine.

Thanks for the heads up on the code tags rule and in the future I will add it to any further posts.

You mentioned my previous post which is not resolved, any ideas for a solution?

Thanks again

David


You mentioned my previous post which is not resolved, any ideas for a solution?

What's the problem or is this solved?
