
Hi! I am just starting PHP. I am learning to sanitize my data. I found this example from the web. It displays the sanitized data, but... it does not insert the sanitized data. :( What should I do to make that happen?

<?php

$filters = array(
"firstname" =>array("filter"=>FILTER_VALIDATE_INT, "flags"=>FILTER_FLAG_ARRAY|FILTER_NULL_ON_FAILURE, "options"=>array("min_range"=>0, "max_range"=>100)),
"lastname" => FILTER_SANITIZE_NUMBER_INT,
"email" => FILTER_SANITIZE_EMAIL,
"invoice"=> FILTER_VALIDATE_INT,
"company" => FILTER_SANITIZE_EMAIL,
"arenew" => FILTER_SANITIZE_EMAIL,
"contact" => FILTER_SANITIZE_EMAIL,
"wink" => FILTER_SANITIZE_EMAIL,
"wint" => FILTER_SANITIZE_EMAIL,
"wind" => FILTER_SANITIZE_EMAIL,
"vtype" => FILTER_SANITIZE_EMAIL,
"usera" => FILTER_SANITIZE_EMAIL,
"yeara" => FILTER_SANITIZE_EMAIL,
"sdate" => FILTER_SANITIZE_EMAIL,
"edate" => FILTER_SANITIZE_EMAIL,
"viprek" => FILTER_SANITIZE_EMAIL,
"notes" => FILTER_SANITIZE_EMAIL,
);

/*** apply the filters to the POST array ***/
$filtered = filter_input_array(INPUT_POST, $filters);

/*** echo the filtered array members ***/
echo $filtered['firstname'] .'<br />'. $filtered['lastname'] .'<br />'. $filtered['email'].'<br />';

/*** check for the notset variable ***/
if(filter_has_var(INPUT_POST, "notset") !== false)
{
echo 'Variable is in filter';
}
else
{
var_dump($filtered["notset"]);
}
?>
<?php

include_once 'resources/init.php';

$sql="INSERT INTO Client (firstname, lastname, email, invoice, company, arenew, contact, wink, wint, wind, vtype, usera, yeara, sdate, edate, viprek, notes)
VALUES
('$_POST[firstname]','$_POST[lastname]','$_POST[email]','$_POST[invoice]','$_POST[company]','$_POST[arenew]','$_POST[contact]','$_POST[wink]','$_POST[wint]','$_POST[wind]','$_POST[vtype]','$_POST[usera]','$_POST[yeara]','$_POST[sdate]','$_POST[edate]','$_POST[viprek]','$_POST[notes]')";

if (!mysql_query($sql))

die('Error: ' . mysql_error());
{
echo "<h5>Client Infomation has been Added sucsessfully.</h5>";
}
mysql_close($con)
?>

<a href="index.php">Back To List</a>

Edited by ARKaMAN: Fixed Formatting

Last Post by joshmac

I could be wrong, but I think each line should be something like below:

"lastname" => ("lastname",FILTER_SANITIZE_NUMBER_INT),
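
An added example, not part of the original thread or either poster's code: the question's INSERT builds its query from $_POST, so the array returned by filter_input_array() is never used. The sketch below inserts from $filtered through a PDO prepared statement. The constructed $post array, the reduced four-column table, the chosen filters and the in-memory SQLite database are assumptions so that it runs offline.

```php
<?php
// Added example: constructed input standing in for $_POST so the script runs offline.
$post = [
    'firstname' => "  Ann ",
    'lastname'  => "O'Brien",          // a quote that would break a string-built INSERT
    'email'     => 'ann@example.com',
    'invoice'   => '1042',
];

// Filters chosen for this example (assumption): trim names, validate email and invoice.
$filters = [
    'firstname' => ['filter' => FILTER_CALLBACK, 'options' => 'trim'],
    'lastname'  => ['filter' => FILTER_CALLBACK, 'options' => 'trim'],
    'email'     => FILTER_VALIDATE_EMAIL,
    'invoice'   => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 1]],
];

// In a real form handler this would be filter_input_array(INPUT_POST, $filters).
$filtered = filter_var_array($post, $filters);

// Validation filters return false on bad input; missing keys come back as null.
foreach ($filtered as $field => $value) {
    if ($value === false || $value === null || $value === '') {
        exit("Invalid or missing field: $field\n");
    }
}

// Assumption: in-memory SQLite stands in for the MySQL Client table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Client (firstname TEXT, lastname TEXT, email TEXT, invoice INTEGER)');

// The INSERT reads from $filtered (not $_POST) and binds every value as a parameter,
// so the data never becomes part of the SQL text.
$stmt = $pdo->prepare(
    'INSERT INTO Client (firstname, lastname, email, invoice)
     VALUES (:firstname, :lastname, :email, :invoice)'
);
$stmt->execute($filtered);

// Show the stored row.
print_r($pdo->query('SELECT * FROM Client')->fetchAll(PDO::FETCH_ASSOC));
```

Against MySQL only the PDO connection string changes; the mysql_* functions used in the question were removed in PHP 7.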
