Hi all, I am new to PHP

Do I need to sanitize hidden data values in a form before carrying out the query on a MySQL db?

If so, can someone assist me with the correct format?


The category_id is an INT and the make is a String.

$category_id=$_POST['category_id'];
$make=$_POST['make'];

Also, do I need to sanitize the query?

$result = mysql_query("SELECT * FROM products WHERE products_make ='$make'");

If you require any additional info please let me know.

Thanks in advance

David

All 4 Replies

In future please use code tags as this is not your first post. Also the following code should do the trick:

// Escape both values for use inside single-quoted SQL literals (legacy mysql_* extension).
// stripslashes() first undoes any magic_quotes escaping so the value is not escaped twice.
$category_id=mysql_real_escape_string(stripslashes($_POST['category_id']));
$make=mysql_real_escape_string(stripslashes($_POST['make']));
$result = mysql_query("SELECT * FROM products WHERE products_make ='$make'") or die(mysql_error());
//or
$resultb = mysql_query("SELECT * FROM products WHERE products_make ='$make' AND id ='$category_id'") or die(mysql_error());
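The same two queries written with input validation and a prepared statement, as an added example that is not the replier's code or the original poster's. It assumes the thread's table `products` with a string column `products_make` and an integer column `id`; the connection credentials are placeholders. The point it adds to the answer above: a hidden form field is still client-controlled, so the integer is validated as an integer before it reaches the database, and the values are bound as parameters rather than spliced into the SQL string, so no escaping step can be forgotten.

```php
<?php
// Added example, not code from the thread. Assumes table `products` with
// columns `products_make` (string) and `id` (int); credentials are placeholders.
declare(strict_types=1);

// Placeholder connection details; replace with your own.
$mysqli = new mysqli('localhost', 'db_user', 'db_password', 'shop');
if ($mysqli->connect_errno) {
    http_response_code(500);
    exit('Database connection failed');
}
$mysqli->set_charset('utf8mb4');

// Hidden inputs are still user input: validate them like any visible field.
// category_id must be a non-negative integer; anything else is rejected.
$category_id = filter_input(INPUT_POST, 'category_id', FILTER_VALIDATE_INT, [
    'options' => ['min_range' => 0],
]);
// filter_input returns false for an invalid value and null for a missing one.
$make = filter_input(INPUT_POST, 'make', FILTER_DEFAULT);

if ($category_id === false || $category_id === null || $make === null || $make === '') {
    http_response_code(400);
    exit('Invalid request');
}
// Length cap for the string field; 100 is an assumed column width.
if (strlen($make) > 100) {
    http_response_code(400);
    exit('Invalid request');
}

// Prepared statement: SQL text and data are sent separately, so the server
// never has to work out where a value ends and the query resumes.
$stmt = $mysqli->prepare(
    'SELECT * FROM products WHERE products_make = ? AND id = ?'
);
if ($stmt === false) {
    http_response_code(500);
    exit('Query preparation failed');
}
// 's' binds $make as a string, 'i' binds $category_id as an integer.
$stmt->bind_param('si', $make, $category_id);
$stmt->execute();
$result = $stmt->get_result(); // get_result() requires the mysqlnd driver

while ($row = $result->fetch_assoc()) {
    // Encode on output so a stored value cannot inject markup into the page.
    echo htmlspecialchars($row['products_make'], ENT_QUOTES, 'UTF-8'), "\n";
}
$stmt->close();
```

If the `make` field is a fixed list the form chooses from, it is worth validating it against that list as well; binding it as a parameter keeps the query safe, but an unexpected value is still a sign of a tampered form.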

Hi
Thanks for the information
working fine

Thanks for the heads up on the **** rule and in the future I will add it to any further posts.

You mentioned my previous post which is not resolved, any ideas for a solution.

Thanks again

David

You mentioned my previous post which is not resolved, any ideas for a solution.

What's the problem or is this solved?
