question - addslashes

ali90
Forum Newbie
Posts: 9
Joined: Sun Mar 16, 2014 11:03 am

question - addslashes

Post by ali90 »

Question from paper: Write code to store the details submitted from the form into the database.

My Query: In the solution they have requested a couple of names using GET function and then used addslashes on a couple of them. I read on a website
http://www.w3schools.com/Php/func_string_addslashes.asp
that addslashes is by default used on all GET and POST functions, so does this mean that there is no need to apply addslashes here?

Answer:
// assume connection already established from part c) i)
$fullname = $_GET['fullname'];
$phonenumber = $_GET['phonenumber'];
$address = $_GET['address'];
$phonetype = $_GET['phonetype'];
$relationship = $_GET['relationship'];
// only these three fields are passed through addslashes(); $phonetype is not
$fullname = addslashes($fullname);
$phonenumber = addslashes($phonenumber);
$address = addslashes($address);
// 0/1 rather than false/true: PHP interpolates false as an empty string,
// which would leave gaps in the values list below
$friend = 0;
$family = 0;
$business = 0;
foreach ($relationship as $rel)
{
    if ($rel == 'friend') $friend = 1;
    if ($rel == 'family') $family = 1;
    if ($rel == 'business') $business = 1;
}
$result = mysql_select_db("ADDRESSBOOK", $link);
if (! $result) {
    echo "Failed to connect to database.\n";
}
else
{
    $result = mysql_query("insert into Contacts (FullName, PhoneNumber, PhoneType,
        Address, Friend, Family, Business)
        values ('$fullname', '$phonenumber', '$phonetype', '$address', $friend, $family,
        $business);", $link);
    if (! $result) {
        echo "<p>MySQL Error: " . mysql_error($link) . "</p>\n";
    }
    else
    {
        echo "<p>Contact added to the database.</p>";
    }
}
mysql_close($link);
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: question - addslashes

Post by Celauran »

Forget addslashes. While you're at it, forget w3schools. It's terrible. You need to escape data before inserting it into a database or, better still, use prepared statements. mysql_ functions have been considered worst practice for years, have been deprecated, and will be removed from the language altogether. You'd do well to spend some time becoming familiar with PDO.
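
The prepared-statement approach recommended in the reply above, applied to the insert from the question, as an added example that is not part of the original thread. It assumes the pdo_sqlite extension and uses an in-memory SQLite table and a constructed $input array in place of $_GET so that it runs offline; the field() and addContact() helper names are hypothetical.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite table keeps it
// runnable offline; for the question's MySQL database the DSN would instead be
// e.g. "mysql:host=localhost;dbname=ADDRESSBOOK;charset=utf8mb4" (assumed).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Contacts (FullName TEXT, PhoneNumber TEXT, PhoneType TEXT,
    Address TEXT, Friend INTEGER, Family INTEGER, Business INTEGER)');

// Hypothetical helper: return a request field as a string, '' if absent or not scalar.
function field(array $in, string $key): string
{
    return isset($in[$key]) && is_scalar($in[$key]) ? (string) $in[$key] : '';
}

// Hypothetical helper: insert one contact using bound parameters.
function addContact(PDO $pdo, array $in): void
{
    // No ticked checkbox means the key is missing; anything but an array is ignored.
    $rel = isset($in['relationship']) && is_array($in['relationship']) ? $in['relationship'] : [];
    $stmt = $pdo->prepare(
        'INSERT INTO Contacts (FullName, PhoneNumber, PhoneType, Address, Friend, Family, Business)
         VALUES (:fullname, :phonenumber, :phonetype, :address, :friend, :family, :business)'
    );
    // Values are bound as parameters instead of being pasted into the SQL
    // string, so quotes need no manual escaping.
    $stmt->execute([
        ':fullname'    => field($in, 'fullname'),
        ':phonenumber' => field($in, 'phonenumber'),
        ':phonetype'   => field($in, 'phonetype'),
        ':address'     => field($in, 'address'),
        ':friend'      => (int) in_array('friend', $rel, true),
        ':family'      => (int) in_array('family', $rel, true),
        ':business'    => (int) in_array('business', $rel, true),
    ]);
}

// Constructed sample input standing in for $_GET.
$input = [
    'fullname'     => "Miles O'Brien",
    'phonenumber'  => '555-0100',
    'phonetype'    => 'mobile',
    'address'      => '12 "The Mews", King\'s Road',
    'relationship' => ['friend', 'business'],
];
addContact($pdo, $input);

// The stored row contains the quotes exactly as submitted.
print_r($pdo->query('SELECT * FROM Contacts')->fetch(PDO::FETCH_ASSOC));
```
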
ali90
Forum Newbie
Posts: 9
Joined: Sun Mar 16, 2014 11:03 am

Re: question - addslashes

Post by ali90 »

Thanks, can you type in code for the above question. Actually I have an exam a couple of days from now and I am thinking if I can pass it. I will look into PDO but it looks like this needs some time to understand.