Have you ever thought how a very simple MySQL insert query can be so frustrating!! Grrr! Was coding for the CMS and had to write this idiotic query!!
$formdesc_query="INSERT INTO `form_desc` (`page_modulecomponentid` ,`form_heading` ,`form_loginrequired` ,`form_headertext` ,`form_footertext` ,`form_expirydatetime` ,`form_sendconfirmation` ,`form_usecaptcha` ,`form_allowuseredit` ,`form_allowuserunregister` ,`form_showuseremail` ,`form_showuserfullname` ,`form_showregistrationdate` ,`form_showlastupdatedate`) VALUES ($compId, '"
    .mysql_escape_string($formdesc_content['form_heading'])."', '"
    .mysql_escape_string($formdesc_content['form_loginrequired'])."', '"
    .mysql_escape_string($formdesc_content['form_headertext'])."', '"
    .mysql_escape_string($formdesc_content['form_footertext'])."' , '"
    .mysql_escape_string($formdesc_content['form_expirydatetime'])."' , '"
    .mysql_escape_string($formdesc_content['form_sendconfirmation'])."', '"
    .mysql_escape_string($formdesc_content['form_usecaptcha'])."', '"
    .mysql_escape_string($formdesc_content['form_allowuseredit'])."', '"
    .mysql_escape_string($formdesc_content['form_allowuserunregister'])."', '"
    .mysql_escape_string($formdesc_content['form_showuseremail'])."', '"
    .mysql_escape_string($formdesc_content['form_showuserfullname'])."', '"
    .mysql_escape_string($formdesc_content['form_showregistrationdate'])."', '"
    .mysql_escape_string($formdesc_content['form_showlastupdatedate'])."')";


One Comment
after a fetch assoc on the mysql result resource
foreach ($formdesc_content as $var => $val) {
    // creates one variable per array key, holding the escaped value
    $$var = mysql_escape_string($val);
}
That takes care of your mysql escape for the entire result array and gives you variables like
$form_loginrequired having value = mysql_escape_string($formdesc_content['form_loginrequired'])
so the things to be put up in values wud be $form_loginrequired etc etc.
and maybe it wud be a lil nice idea to be a bit more discreet about the code before we are done through with it. one never knows how it can be exploited. no offence. tc and enjoy ur vacation
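
An added example, not code from the post or the comment: the same `form_desc` insert built from a fixed column allowlist with bound parameters, so no per-field escaping call and no variable-variables are needed. The column names come from the post; the function name `insertFormDesc`, the in-memory SQLite table standing in for the CMS's MySQL database, and the sample row are assumptions made for illustration.

```php
<?php
// Added example: column names are from the post; everything else here
// (function name, SQLite stand-in table, sample row) is constructed.

const FORM_DESC_COLUMNS = [
    'form_heading', 'form_loginrequired', 'form_headertext', 'form_footertext',
    'form_expirydatetime', 'form_sendconfirmation', 'form_usecaptcha',
    'form_allowuseredit', 'form_allowuserunregister', 'form_showuseremail',
    'form_showuserfullname', 'form_showregistrationdate', 'form_showlastupdatedate',
];

function insertFormDesc(PDO $db, int $compId, array $formdesc_content): void
{
    // Only allowlisted names reach the SQL text; values travel as parameters.
    $columns = array_merge(['page_modulecomponentid'], FORM_DESC_COLUMNS);
    $params = [':page_modulecomponentid' => $compId];
    foreach (FORM_DESC_COLUMNS as $col) {
        if (!array_key_exists($col, $formdesc_content)) {
            throw new InvalidArgumentException("missing column: $col");
        }
        $params[":$col"] = $formdesc_content[$col];
    }
    $sql = sprintf(
        'INSERT INTO `form_desc` (`%s`) VALUES (%s)',
        implode('`, `', $columns),
        implode(', ', array_keys($params))
    );
    $db->prepare($sql)->execute($params);
}

// Constructed demo: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE form_desc (page_modulecomponentid INTEGER, '
    . implode(' TEXT, ', FORM_DESC_COLUMNS) . ' TEXT)');

// Constructed sample row; the heading contains quotes and a backslash,
// the characters that break a hand-concatenated query.
$row = array_fill_keys(FORM_DESC_COLUMNS, '0');
$row['form_heading'] = "Members' \"summer\" form \\ draft";
insertFormDesc($db, 7, $row);

// The value is stored byte-for-byte, with no escaping applied by hand.
$stored = $db->query('SELECT form_heading FROM form_desc')->fetchColumn();
var_dump($stored === $row['form_heading']);
```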