Data filtering
Posted: Thu Dec 01, 2005 12:35 pm
Hi all,
Hope someone could please help me. I have built a small site with shopping cart. When a user adds items and enters personal details all the information is filtered and stored into temp tables in a db. Then the user is directed to payment processing provider, if the transaction is successful the user is redirected back to a complete page. On this page a query is performed temp tables and the details are inserted into permanent tables. However, the data seems to be unclean as if there are any characters such as ' in the records the permanent table will not accept them and an error happens. I thought that once the data was cleaned for the temp and then inserted into the permanent table it would not need to be cleaned, could you tell me if this is correct?
The query for temp table and data insert for permanent table is below.
}
Is the way of cleaning the data in this code? i would really apprciate any help, suggestions etc and thanks in advance
Kind regards,
Steven
Hope someone could please help me. I have built a small site with shopping cart. When a user adds items and enters personal details all the information is filtered and stored into temp tables in a db. Then the user is directed to payment processing provider, if the transaction is successful the user is redirected back to a complete page. On this page a query is performed temp tables and the details are inserted into permanent tables. However, the data seems to be unclean as if there are any characters such as ' in the records the permanent table will not accept them and an error happens. I thought that once the data was cleaned for the temp and then inserted into the permanent table it would not need to be cleaned, could you tell me if this is correct?
The query for temp table and data insert for permanent table is below.
Code: Select all
$query4 = "SELECT * FROM Temp_Shipping where shipping_id = '$sessid'";
$results4 = mysql_query($query4) or die(mysql_error());
while ($rows4 = mysql_fetch_array($results4)) {
extract($rows4);
$insert4 = ("INSERT INTO Shipping (order_id, s_company, s_building, s_address_line_one, s_address_line_two, s_city,
s_county, s_country, s_post_code, s_telephone, s_mobile, s_fax, s_comments, s_items)
VALUES (
'$new_order_id',
'$s_company',
'$s_building',
'$s_address_line_one',
'$s_address_line_two',
'$s_city',
'$s_county',
'$s_country',
'$s_post_code',
'$s_telephone',
'$s_mobile',
'$s_fax',
'$s_comments',
'$s_items')");
$Result4 = mysql_query($insert4) or die(mysql_error());}
Is the way of cleaning the data in this code? i would really apprciate any help, suggestions etc and thanks in advance
Kind regards,
Steven