[snip]

     <?php
     // Each submitted field is backslash-escaped with addslashes() and then
     // wrapped in single quotes so it can be dropped straight into an SQL string.
     $first = "'".addslashes($_POST['firstname'])."'";
     $last = "'".addslashes($_POST['lastname'])."'";
     $email = "'".addslashes($_POST['email'])."'";
     $address = "'".addslashes($_POST['address'])."'";
     $city = "'".addslashes($_POST['city'])."'";
     $state = "'".addslashes($_POST['state'])."'";
     $zip = "'".addslashes($_POST['zip'])."'";
     $comments = "'".addslashes($_POST['comments'])."'";
     $newsletter = "'".addslashes($_POST['signup'])."'";
     $contact = "'".addslashes($_POST['contact'])."'";


I can understand addslashes() for the first and last name, but I question
the need for it in the other variables; please inform.
[/snip]

There is safety in numbers! While a lot of these fields may not ever
contain anything that would need to be escaped, the name fields and
comments field would definitely need this. Also, if this is filled out
by 'external' users you do not want them to be able to enter anything
(like a SQL injection attack in the comments field) that might cause a
problem of some sort. Another option would be htmlentities().

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
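An added example (not from either poster) that puts the quoted addslashes() pattern beside a PDO prepared statement, so the escaping the thread discusses can be compared with parameter binding. It assumes the pdo_sqlite extension is available and uses a constructed submission in place of $_POST.

```php
<?php
// Constructed sample submission standing in for $_POST (not real user data).
$post = [
    'firstname' => "Conan O'Brien",
    'comments'  => "nice site'); DROP TABLE contacts; --",
];

// The pattern from the quoted post: backslash-escape, then wrap in quotes.
// The result is only meaningful to databases that understand backslash
// escapes in string literals (MySQL-style); it is not a general SQL quoting.
function quoteWithAddslashes(string $value): string
{
    return "'" . addslashes($value) . "'";
}

// Alternative that removes the escaping question entirely: the value is
// bound as a parameter, so it is never interpreted as SQL text.
function insertContact(PDO $db, string $first, string $comments): string
{
    $stmt = $db->prepare(
        'INSERT INTO contacts (firstname, comments) VALUES (:first, :comments)'
    );
    $stmt->execute([':first' => $first, ':comments' => $comments]);

    // Read back what was stored to confirm the comment landed as plain data.
    $row = $db->query('SELECT comments FROM contacts ORDER BY id DESC LIMIT 1');
    return (string) $row->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contacts (id INTEGER PRIMARY KEY, firstname TEXT, comments TEXT)');

echo quoteWithAddslashes($post['firstname']), "\n";
echo quoteWithAddslashes($post['comments']), "\n";
echo insertContact($db, $post['firstname'], $post['comments']), "\n";
```

Running it shows the addslashes() output still contains the injected SQL fragment (only the quote is escaped, and that escape is dialect-specific), while the bound parameter stores the comment verbatim with the table intact.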