I have a form that runs a file called check.processor.php when the submit button is clicked.
The check.processor.php performs:
1st. the form's validation
2nd. inserts the data into the database
My question is, when do I start using mysql_real_escape_string? Do I need to use it:
1. as soon as I start the form's validation
2. or can I just use it before I insert the data into the database, after the validation has been done?
Before DB insert.
A little example. You have 'user_name' which contains the first and the last name of some user.
For example, the name of the user is John O'Henry.
A valid DB value would be John O\'Henry, but if some user inputs John O\'Henry in our form, an error should appear.
There is one exception to that rule: if your validation contains some SQL query (for example, you check if some value already exists in the database), you have to escape it before that.
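The ordering discussed in this thread, as an added example that is not code from any of the posters: validation runs on the raw input, and escaping happens only where a value is placed into SQL, including the lookup query that is part of validation. Because `mysql_real_escape_string()` was removed in PHP 7.0, `PDO::quote()` on an in-memory SQLite database stands in for it here; the `users` table, the function names and the sample inputs are constructed for illustration.

```php
<?php
// Added example: constructed schema and inputs; PDO SQLite stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_name TEXT UNIQUE)');

// Validation runs on the raw value the user typed, never on escaped text.
function validate_name(string $raw): ?string
{
    $name = trim($raw);
    // Letters, spaces, apostrophes and hyphens only: a backslash is rejected.
    if (!preg_match("/^[A-Za-z][A-Za-z' -]{0,63}$/D", $name)) {
        return null;
    }
    return $name;
}

// The exception from the thread: a validation step that queries the database
// must escape the value for that query as well.
function name_exists(PDO $db, string $name): bool
{
    $sql = 'SELECT COUNT(*) FROM users WHERE user_name = ' . $db->quote($name);
    return (int) $db->query($sql)->fetchColumn() > 0;
}

function register(PDO $db, string $raw): string
{
    $name = validate_name($raw);
    if ($name === null) {
        return 'rejected: invalid characters';
    }
    if (name_exists($db, $name)) {
        return 'rejected: already registered';
    }
    // Escape at the last moment, while building the INSERT statement.
    $db->exec('INSERT INTO users (user_name) VALUES (' . $db->quote($name) . ')');
    $stored = $db->query('SELECT user_name FROM users ORDER BY rowid DESC LIMIT 1');
    return 'stored: ' . $stored->fetchColumn();
}

// Constructed inputs: a valid name, the same name typed with a backslash,
// and a repeat of the first name to exercise the lookup query.
foreach (["John O'Henry", "John O\\'Henry", "John O'Henry"] as $input) {
    echo str_pad($input, 16), ' => ', register($db, $input), PHP_EOL;
}
```

Bound parameters (`PDO::prepare()` with placeholders) keep the same ordering and remove the manual escaping step from both queries.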