question - addslashes

Posted: Wed Mar 19, 2014 10:08 am
by ali90
Question from paper :Write code to store the details submitted from the form into the database.

My query: In the solution they have requested a couple of names using the GET function and then used addslashes on a couple of them. I read on a website
http://www.w3schools.com/Php/func_string_addslashes.asp
that addslashes is by default used on all GET and POST functions, so does this mean that there is no need to apply addslashes here?

Answer:
<?php
// assume connection $link already established from part c) i)
$fullname = $_GET['fullname'];
$phonenumber = $_GET['phonenumber'];
$address = $_GET['address'];
$phonetype = $_GET['phonetype'];
$relationship = $_GET['relationship']; // checkbox group, arrives as an array
// Backslash-escape quotes in the values that are interpolated into the SQL below.
// Note: $phonetype is interpolated unescaped, and addslashes is not a reliable
// defence against SQL injection in any case (see the replies in this thread).
$fullname = addslashes($fullname);
$phonenumber = addslashes($phonenumber);
$address = addslashes($address);
$friend = false;
$family = false;
$business = false;
foreach ($relationship as $rel)
{
    if ($rel == 'friend') $friend = true;
    if ($rel == 'family') $family = true;
    if ($rel == 'business') $business = true;
}
$result = mysql_select_db("ADDRESSBOOK", $link);
if (! $result) {
    echo "Failed to connect to database.\n";
}
else
{
    // PHP false interpolates as an empty string, which would break the SQL,
    // so the flags are cast to 0/1 before being placed in the statement.
    $result = mysql_query("insert into Contacts (FullName, PhoneNumber, PhoneType,
        Address, Friend, Family, Business)
        values ('$fullname', '$phonenumber', '$phonetype', '$address', "
        . (int)$friend . ", " . (int)$family . ", " . (int)$business . ");", $link);
    if (! $result) {
        echo "<p>MySQL Error: " . mysql_error($link) . "</p>\n";
    }
    else
    {
        echo "<p>Contact added to the database.</p>";
    }
}
mysql_close($link);

Re: question - addslashes

Posted: Wed Mar 19, 2014 10:25 am
by Celauran
Forget addslashes. While you're at it, forget w3schools. It's terrible. You need to escape data before inserting it into a database or, better still, use prepared statements. mysql_ functions have been considered worst practice for years, have been deprecated, and will be removed from the language altogether. You'd do well to spend some time becoming familiar with PDO.
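The same insert done with PDO prepared statements, as an added example that is not part of Celauran's reply or the exam answer. It assumes $pdo is an existing PDO connection to the ADDRESSBOOK database and that the form uses the field names from the original question.

```php
<?php
// Added example (not the exam answer or Celauran's code): the insert from the
// question written with PDO prepared statements. Assumes $pdo is an existing
// PDO connection to ADDRESSBOOK, created elsewhere (e.g. in part c) i)).
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Ask for server-side prepared statements rather than client-side emulation.
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

// Read the form fields; a missing field becomes an empty string, not a notice.
$fullname    = isset($_GET['fullname'])    ? $_GET['fullname']    : '';
$phonenumber = isset($_GET['phonenumber']) ? $_GET['phonenumber'] : '';
$address     = isset($_GET['address'])     ? $_GET['address']     : '';
$phonetype   = isset($_GET['phonetype'])   ? $_GET['phonetype']   : '';
// The checkbox group arrives as an array; treat anything else as "none ticked".
$relationship = (isset($_GET['relationship']) && is_array($_GET['relationship']))
    ? $_GET['relationship'] : array();

// 0/1 flags for the three relationship columns.
$friend   = in_array('friend',   $relationship, true) ? 1 : 0;
$family   = in_array('family',   $relationship, true) ? 1 : 0;
$business = in_array('business', $relationship, true) ? 1 : 0;

// No addslashes or quoting: placeholders keep the data out of the SQL text,
// so a quote or semicolon in a field is stored literally, not executed.
$sql = 'INSERT INTO Contacts
            (FullName, PhoneNumber, PhoneType, Address, Friend, Family, Business)
        VALUES (:fullname, :phonenumber, :phonetype, :address,
                :friend, :family, :business)';

try {
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':fullname',    $fullname,    PDO::PARAM_STR);
    $stmt->bindValue(':phonenumber', $phonenumber, PDO::PARAM_STR);
    $stmt->bindValue(':phonetype',   $phonetype,   PDO::PARAM_STR);
    $stmt->bindValue(':address',     $address,     PDO::PARAM_STR);
    $stmt->bindValue(':friend',      $friend,      PDO::PARAM_INT);
    $stmt->bindValue(':family',      $family,      PDO::PARAM_INT);
    $stmt->bindValue(':business',    $business,    PDO::PARAM_INT);
    $stmt->execute();
    echo "<p>Contact added to the database.</p>";
} catch (PDOException $e) {
    // Keep driver error text in the server log, not in the browser response.
    error_log('Contact insert failed: ' . $e->getMessage());
    echo "<p>Could not add the contact.</p>";
}
```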

Re: question - addslashes

Posted: Thu Mar 20, 2014 2:19 am
by ali90
Thanks, can you type in code for the above question? Actually I have an exam a couple of days from now and I am thinking if I can pass it. I will look into PDO but it looks like this needs some time to understand.