Just joined and btw it spits out an error which doesn't make sense (I managed to get here after all):

Failed sending email :: PHP ::
DEBUG MODE
Line : 236
File : emailer.php

Anyway, want to know from you guys if the following function would make input safe, but allow me to develop relatively quickly:

Code:
    function makesafe(){
        foreach ($_POST as $k => $v)
        {
            if (is_array($v))
            { $_POST[$k] = trim(mysql_real_escape_string(htmlentities($v, ENT_QUOTES))); }
            else
            { $_POST[$k] = trim(mysql_real_escape_string(htmlentities($v, ENT_QUOTES))); }
            /// question: would I be safe only going:
            // $_POST[$k] = trim(htmlentities($v, ENT_QUOTES));
        }
    }

Code:
    if(isset($_POST['Submit'])){
        makesafe();
        $sql = "insert into `table` set `field` = '$_POST[value]' .............

I read in one of the posts that $_GET items should be dealt with also; would you recommend (from the site-wide included file):

Code:
    foreach ($_GET as $k => $v)
    {
        if (is_array($v))
        { $_GET [$k] = trim(mysql_real_escape_string($v, ENT_QUOTES)); }
        else
        { $_GET [$k] = trim(mysql_real_escape_string($v, ENT_QUOTES)); }
    }
    }
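
One way to get the same protection without rewriting `$_POST` and `$_GET` in place, as an added example that is not part of the original post: the raw value is stored through a bound parameter and HTML-encoded only when it is printed, and array-valued fields are rejected rather than passed to string functions. It assumes the pdo_sqlite extension (an in-memory database, so it runs stand-alone); the `comments` table, the `body` field, the helper names and the sample input are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumes pdo_sqlite is available;
// the table "comments", field "body" and helper names are hypothetical.
declare(strict_types=1);

// Accept a field only if it is a plain string. Nested input such as
// value[]=x arrives as an array and is rejected here.
function scalar_field(array $src, string $key): ?string
{
    $v = $src[$key] ?? null;
    return is_string($v) ? trim($v) : null;
}

// Store the raw value. The bound parameter keeps the data out of the SQL
// text, so no escaping function is applied to the input.
function save_comment(PDO $db, string $body): int
{
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $db->lastInsertId();
}

// Encode once, at output time, for the HTML context.
function render_comment(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = (string) $stmt->fetchColumn();
    return '<p>' . htmlspecialchars($body, ENT_QUOTES, 'UTF-8') . '</p>';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

// Constructed sample input standing in for $_POST.
$post = ['value' => " Tom's <b>R&D</b> notes ", 'tags' => ['a', 'b']];

foreach (['value', 'tags'] as $key) {
    $field = scalar_field($post, $key);
    if ($field === null) {
        echo "$key: rejected (not a string)\n";
        continue;
    }
    $id = save_comment($db, $field);
    echo "$key: ", render_comment($db, $id), "\n";
}
```

Because the database keeps the original text, the same row can later be written to a non-HTML context (plain-text e-mail, JSON) with the encoding that context needs.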