Code: Select all
function safesql($val) {
mysql_real_escape_string($val);
return $val;
}
For reference, what I'm doing is:
Code: Select all
foreach($form as $key => $value) {
if($value != $cf[$key]) {
$q = "UPDATE config SET value='".safesql($value)."' WHERE name='".safesql($key)."'";
if (!mysql_query($q)) {
error("Error while updating config values.");
}
else {
$message .= "<p>Option \"".$key."\" updated.</p>";
}
}
}