question - addslashes
Posted: Wed Mar 19, 2014 10:08 am
Question from paper: Write code to store the details submitted from the form into the database.
My Query: In the solution they have requested a couple of names using the GET function and then use addslashes on a couple of them. I read on a website
http://www.w3schools.com/Php/func_string_addslashes.asp
that addslashes is by default used on all GET and POST functions, so does this mean that there is no need to apply addslashes here?
Answer:
// assume connection already established from part c) i)
$fullname = $_GET['fullname'];
$phonenumber = $_GET['phonenumber'];
$address = $_GET['address'];
$phonetype = $_GET['phonetype'];
// relationship[] checkboxes; fall back to an empty array if none were ticked
$relationship = isset($_GET['relationship']) ? (array) $_GET['relationship'] : array();
// escape quotes in every string value that is placed inside the SQL text
$fullname = addslashes($fullname);
$phonenumber = addslashes($phonenumber);
$address = addslashes($address);
$phonetype = addslashes($phonetype);
// use 0/1 so the flags interpolate as valid SQL (PHP false becomes an empty string)
$friend = 0;
$family = 0;
$business = 0;
foreach ($relationship as $rel)
{
    if ($rel == 'friend') $friend = 1;
    if ($rel == 'family') $family = 1;
    if ($rel == 'business') $business = 1;
}
$result = mysql_select_db("ADDRESSBOOK", $link);
if (! $result) {
    echo "Failed to connect to database.\n";
}
else
{
    $result = mysql_query("insert into Contacts (FullName, PhoneNumber, PhoneType,
        Address, Friend, Family, Business)
        values ('$fullname', '$phonenumber', '$phonetype', '$address', $friend, $family,
        $business);", $link);
    if (! $result) {
        echo "<p>MySQL Error: " . mysql_error($link) . "</p>\n";
    }
    else
    {
        echo "<p>Contact added to the database.</p>";
    }
}
mysql_close($link);
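An added example, not part of the original post or the paper's solution: the same insert written with PDO placeholders, so the submitted values never become part of the SQL text and no addslashes() call is involved. The in-memory SQLite database, the saveContact() helper and the list of accepted phone types are assumptions made so the script runs on its own; table and column names follow the post.

```php
<?php
// Added example, not the paper's solution. Table/column names follow the post;
// the SQLite in-memory database and the phone-type allow-list are assumptions.
function saveContact(PDO $db, array $input): bool
{
    // Accept scalars only: ?fullname[]=x would otherwise arrive as an array.
    $field = function (string $name) use ($input): string {
        $v = $input[$name] ?? '';
        return is_string($v) ? trim($v) : '';
    };
    // Allow-list (assumed values) for the fixed-choice field.
    $phonetype = $field('phonetype');
    if (!in_array($phonetype, ['home', 'work', 'mobile'], true)) {
        return false;
    }
    // Checkbox group arrives as relationship[]; tolerate it being absent.
    $rels = $input['relationship'] ?? [];
    $rels = is_array($rels) ? $rels : [];
    // Placeholders keep data separate from the statement, so quotes in the
    // input need no escaping and are stored exactly as submitted.
    $stmt = $db->prepare(
        'INSERT INTO Contacts (FullName, PhoneNumber, PhoneType, Address, Friend, Family, Business)
         VALUES (:fullname, :phonenumber, :phonetype, :address, :friend, :family, :business)'
    );
    return $stmt->execute([
        ':fullname'    => $field('fullname'),
        ':phonenumber' => $field('phonenumber'),
        ':phonetype'   => $phonetype,
        ':address'     => $field('address'),
        ':friend'      => (int) in_array('friend', $rels, true),
        ':family'      => (int) in_array('family', $rels, true),
        ':business'    => (int) in_array('business', $rels, true),
    ]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Contacts (FullName TEXT, PhoneNumber TEXT, PhoneType TEXT,
           Address TEXT, Friend INTEGER, Family INTEGER, Business INTEGER)');
// Constructed sample request; the apostrophes are the case addslashes() targets.
$sample = [
    'fullname' => "Niamh O'Brien", 'phonenumber' => '555-0100', 'phonetype' => 'mobile',
    'address' => "1 King's Road", 'relationship' => ['friend', 'business'],
];
var_dump(saveContact($db, $sample));
print_r($db->query('SELECT * FROM Contacts')->fetchAll(PDO::FETCH_ASSOC));
```

In a real handler the second argument would be $_GET and the PDO connection would point at the ADDRESSBOOK database.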