Jon W
01-05-2008, 11:32 PM
Hi, I've been trying to use mysql_real_escape_string in one of my scripts in an if statement. I haven't used them much and am not too sure how and when I should use these. I was trying to make a sample form so that when a user submits info to the form it would go to a mailing address. But when I uploaded the script it said that on line 10 there was an error. Like I said, I haven't used mysql_real_escape_string that much and am not too sure how to use them. I know what they do, but don't exactly know if I'm supposed to do this:
mysql_real_escape($_POST['fname']);
//or like this..
(mysql_real_escape_string($_POST['fname']));
Here's my full script of what I was trying to do:
<?php
$submit = $_POST['submit'];
if(isset($submit))
{
if(mysql_real_escape_string($_POST['fname') !='' && mysql_real_escape_string($_POST['lname']) !='' && mysql_real_escape_string($_POST['email']) !='' && mysql_real_escape_string($_POST['email']) == mysql_real_escape_string($_POST['confrim_email']) && mysql_real_escape_string($_POST['msg']) !='')
{
$sendTo = 'email@yahoo.com';
$header = "From: ".mysql_real_escape_string($_POST['email'])."";
$subject = 'Query';
$message = "".mysql_real_escape_string($_POST['msg']."";
mail($sendTo, $header, $subject, $message);
}
}
?>
So I was just wondering if I could get some help on how and when I should use these. Like I said, I understand what they do, but am not too sure if I should use these when I'm submitting something to an e-mail address, or if it's just for database submissions. So if someone could clear this up for me it would be great. Perhaps give me an idea of what I'm doing wrong in my script as well, and whether I'm using the function right.
Thanks
Jon W
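
An added example, not part of the original post: mysql_real_escape_string() escapes a value for use inside a MySQL string literal, so it does nothing useful for text passed to mail(); there the checks that matter are validating the address and refusing CR/LF in anything placed in a header. The helper names clean_email() and build_contact_mail() are hypothetical, the sample input is constructed, and mail() takes its arguments in the order (to, subject, message, headers).

```php
<?php
// Added example: helper names are hypothetical, sample input is constructed.

/** Return a validated single-line e-mail address, or null if unusable. */
function clean_email(string $raw): ?string
{
    $raw = trim($raw);
    // A CR or LF in a header value would start a new header line: reject it.
    if (preg_match('/[\r\n]/', $raw)) {
        return null;
    }
    $email = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

/** Build the four mail() arguments from the form, or null if input is invalid. */
function build_contact_mail(array $post): ?array
{
    // 'confrim_email' is the field name as spelled in the posted script.
    foreach (['fname', 'lname', 'email', 'confrim_email', 'msg'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || trim($post[$field]) === '') {
            return null;
        }
    }
    $email = clean_email($post['email']);
    if ($email === null || $email !== clean_email($post['confrim_email'])) {
        return null;
    }
    return [
        'to'      => 'email@yahoo.com',
        'subject' => 'Query',
        'message' => wordwrap($post['msg'], 70, "\r\n"), // body: no SQL escaping needed
        'headers' => 'From: ' . $email,
    ];
}

// Constructed sample input: the second address carries an extra header line.
$base = ['fname' => 'Ann', 'lname' => 'Lee', 'msg' => "Hello, it's a test."];
$samples = [
    $base + ['email' => 'ann@example.com', 'confrim_email' => 'ann@example.com'],
    $base + ['email' => "ann@example.com\r\nX-Test: 1", 'confrim_email' => "ann@example.com\r\nX-Test: 1"],
];
foreach ($samples as $post) {
    $args = build_contact_mail($post);
    // Real send: mail($args['to'], $args['subject'], $args['message'], $args['headers']);
    echo $args === null ? "rejected\n" : "accepted, header: {$args['headers']}\n";
}
```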