$submit=$_POST['submit'];
$fullname=$_POST['fullname'];
$phone=preg_replace('/[^0-9]/', '', $_POST['phone']);
$phone = (int) $phone;
$adress=$_POST['city'] . ' ' . $_POST['district'] . ' ' . $_POST['adress'];
$friends=$_POST['friends'];
$school=$_POST['school'];
$info=$_POST['info'];
$dob = $_POST['year']."-". $_POST['month']."-".$_POST['day'];
Recently i added to my page:
foreach ($_POST as $key => $value) {
$_POST[$key] = mysql_real_escape_string($value);
}
i want to sanitize all $_POST's (http://prntscr.com/22uot) ID 20 before adding mysql_real_escape_string() to my page, id 22 after. My page puts all variables to db table's fields but when I want to add mysql_real_escape_string() to variable it puts nothing into the field. I dunno what to do.
As clearly indicated in the manual (which is the first things you should browse, when in doubt):
A MySQL connection is required before using mysql_real_escape_string() otherwise an error of level E_WARNING is generated, and FALSE is returned. If link_identifier isn't defined, the last MySQL connection is used.
Be sure you've connect to your database before using this function.
$link = mysql_connect($dbhost,$dbuser,$dbpass);
mysql_select_db($dbname);
to use this function, you must have a connection opened to your database before, like :
mysql_connect(...);
$fullname=mysql_real_escape_string($_POST['fullname']);
etc ...
来源:https://stackoverflow.com/questions/6384423/adding-mysql-real-escape-string-causes-blank-values-to-be-stored-to-database