I've been looking for a solution for about a day; however, I don't have all the necessary skills to understand whether what I found is the right solution or not. So, in conclusion, what is the minimum validation that I have to do before storing a text, received by a post method, into an MySQL DB? Thanks
Using PDO (or mysqli) with prepared statements:
$st = $db->prepare('INSERT INTO test (x) VALUES (?)');
$st->execute(array($_POST['text']));
Done.
If you want to use the old mysql extension, you might want to use mysql_real_escape_string instead on all values you insert into the query.
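The prepared-statement approach from the answer above, carried through with basic input checks, as an added example that is not part of the original answer. The table `test` and column `x` come from the answer; the `storeText()` helper, the 10000-byte limit and the in-memory SQLite DSN (used so the script runs without a MySQL server) are assumptions, and it needs PHP 8 with pdo_sqlite.

```php
<?php
declare(strict_types=1);

// Assumption: SQLite in memory so the example runs offline. For MySQL use a DSN such as
// 'mysql:host=localhost;dbname=app;charset=utf8mb4' and set PDO::ATTR_EMULATE_PREPARES to false.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE test (id INTEGER PRIMARY KEY, x TEXT NOT NULL)');

// Hypothetical helper: validates the value, then binds it as a parameter.
function storeText(PDO $db, mixed $raw, int $maxBytes = 10000): int
{
    // A POST field can arrive as an array (text[]=...), so check the type first.
    if (!is_string($raw)) {
        throw new InvalidArgumentException('text must be a string');
    }
    // Reject byte sequences that are not valid UTF-8.
    if (preg_match('//u', $raw) !== 1) {
        throw new InvalidArgumentException('text must be valid UTF-8');
    }
    if ($raw === '' || strlen($raw) > $maxBytes) {
        throw new InvalidArgumentException('text is empty or too long');
    }
    // The value is sent as bound data, never concatenated into the SQL string.
    $st = $db->prepare('INSERT INTO test (x) VALUES (?)');
    $st->execute([$raw]);
    return (int) $db->lastInsertId();
}

// Constructed sample inputs standing in for $_POST['text'].
$samples = ["It's a \"quoted\" note; -- with SQL-looking characters", ['not', 'a string'], ''];

foreach ($samples as $sample) {
    try {
        $id = storeText($db, $sample);
        $st = $db->prepare('SELECT x FROM test WHERE id = ?');
        $st->execute([$id]);
        $stored = (string) $st->fetchColumn();
        // The text is stored unchanged; HTML escaping happens only at output time.
        echo "stored #$id: ", htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```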