When i am preparing my data for insertion into the database i am adding mysql_real_escape_string, but how do i add it to the about_me part. //retrieve form data in a variable $firstname = mysql_real_escape_string($_POST['firstname']); [b]$about_me[/b] = '?'; PHP: thanks
Assuming that the name of the text field is "about_me", you would do it in the same way: $about_me = mysql_real_escape_string($_POST['about_me']); PHP: Brew
No sorry, there is no text field called, about_me. I am just giving about_me a value of "?" so that it will be inserted into the database (it will be used later on) But just incase someone tries to mess around with my code i want to add mysql_real_escape_string infront of it
OK, in that case there is no need to use mysql_real_escape_string. This function is only used to sanitize user input. Brew
Ok, cool, thanks... but could someone not adjust my code so that they can put their own value in no... And also, when someone types in "example's" into the Music field, it prints out as example\'s under their profile - How do i ammend this
No, they would not be able to change the code unless they had write access to the file. Use stripslashes() to remove the slashes. I would also recommend using htmlentities() on the output as well - this will stop users from adding their own html / javascript into your code Brew
Ok, thanks for all your help, but can i ask you just one more little question, where do i use the stripslashes, is it for when you are out putting the data as would it not interfere with mysql_real_escape_string if it was used when you are inputting the data, thasnk for all your help Brew