TalkPHP - View Single Post - No data inserted into database. Am I wrongdoing it?

delayedinsanity · 03-29-2010, 06:12 PM

For the luv of gawd, please don't forget to verify your data before you enter it into a database. At the very VERY least you should be sanitizing it with mysql_real_escape_string();

You're attempting to insert a row using POST information that isn't populated at the time of the statement. When the form submits (to BookingForm.php) you should be checking on that page for valid POST data. If none is found send them back to the form, if it is found, checked for validity and passes, then insert your sanitized input into the database.

03-29-2010, 06:12 PM	#3 (permalink)
delayedinsanity is cute and cuddly Join Date: Mar 2008 Location: Vegas, Baby Posts: 963 Thanks: 31	For the luv of gawd, please don't forget to verify your data before you enter it into a database. At the very VERY least you should be sanitizing it with mysql_real_escape_string(); You're attempting to insert a row using POST information that isn't populated at the time of the statement. When the form submits (to BookingForm.php) you should be checking on that page for valid POST data. If none is found send them back to the form, if it is found, checked for validity and passes, then insert your sanitized input into the database.