Home/ Questions/Q 6027655
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T04:37:28+00:00

$submit=$_POST[‘submit’]; $fullname=$_POST[‘fullname’]; $phone=preg_replace(‘/[^0-9]/’, ”, $_POST[‘phone’]); $phone = (int) $phone; $adress=$_POST[‘city’] . ‘ ‘ .

  • 0
$submit=$_POST['submit'];
$fullname=$_POST['fullname'];
$phone=preg_replace('/[^0-9]/', '', $_POST['phone']);
$phone =  (int) $phone;
$adress=$_POST['city']  . ' ' .  $_POST['district'] . ' ' . $_POST['adress'];
$friends=$_POST['friends'];
$school=$_POST['school'];
$info=$_POST['info'];
$dob = $_POST['year']."-". $_POST['month']."-".$_POST['day'];

Recently i added to my page:

foreach ($_POST as $key => $value) { 
$_POST[$key] = mysql_real_escape_string($value);
}

i want to sanitize all $_POST’s (http://prntscr.com/22uot) ID 20 before adding mysql_real_escape_string() to my page, id 22 after. My page puts all variables to db table’s fields but when I want to add mysql_real_escape_string() to variable it puts nothing into the field. I dunno what to do.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    As clearly indicated in the manual (which is the first things you should browse, when in doubt):

    A MySQL connection is required before
    using mysql_real_escape_string()
    otherwise an error of level E_WARNING
    is generated, and FALSE is returned.
    If link_identifier isn’t defined, the
    last MySQL connection is used.

    Be sure you’ve connect to your database before using this function.

    $link = mysql_connect($dbhost,$dbuser,$dbpass);
mysql_select_db($dbname);
    • 0