Re: [PHP] html forms in php

2005-09-20 Thread Alain Reguera
 I HATE "Are you sure?" prompts.  If I wasn't sure, I wouldn't have
 clicked it in the first place.
 
 If you want to make your users happy, trust them when they say
 Delete, but make it easy to undo.  Instead of deleting the records,
 just set the Delete flag and timestamp.  Then when the odd user
 makes a mistake, just unset that flag.  After a period of time, you
 can really delete the records that were marked a few days ago.

Thanks for that comment, Scott; it helps me a lot to see what I didn't.
I've been developing with "Are you sure?" confirmations, and they really
make things difficult for users and slow down the time it takes for
actions to be committed. Now I've changed, and everything is nicer.

Thanks again; I feel this is a very good practice.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Re: PHP MySQL insert

2005-08-18 Thread Alain Reguera Delgado
you could try:

1. get all form variables into an array
2. validate values
3. convert all values into entities using htmlentities()
4. build sql query (do some tests 'til you get it right)
5. execute the built query (with proper db function)

by now, commas aren't a problem; they are enclosed between the sql query's
quotes. If some quotes are inserted as values, they have previously been
converted to their entities and do not break the sql query.

as previously said in this thread, the problem is with quoting and maybe
with converting the values to entities, to prevent a quote from breaking
the sql structure.

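Added example, not part of the original message: the five steps above run against an in-memory SQLite database through PDO, with the entity-encoded, concatenated query beside a prepared statement. The table, column and field names are hypothetical, the form input is constructed, and the `pdo_sqlite` extension is assumed to be available.

```php
<?php
// Added example; table, column and field names are hypothetical.
// Constructed sample form input: contains a comma and a single quote.
$form = ['name' => "O'Brien, Pat", 'email' => 'pat@example.com'];

// Step 2: validate each field against what it is allowed to contain.
function validate(array $in): array
{
    $name  = trim((string)($in['name'] ?? ''));
    $email = filter_var($in['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($name === '' || strlen($name) > 100 || $email === false) {
        throw new InvalidArgumentException('invalid form input');
    }
    return ['name' => $name, 'email' => $email];
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE people (name TEXT NOT NULL, email TEXT NOT NULL)');

// Step 3 as written: with ENT_COMPAT (the default flag before PHP 8.1)
// htmlentities() leaves the single quote alone, so it still ends the
// SQL string literal early. With ENT_QUOTES the query would parse, but
// the stored value would become "O&#039;Brien, Pat".
$encoded = htmlentities($form['name'], ENT_COMPAT, 'UTF-8');
$concat  = "INSERT INTO people (name, email) VALUES ('$encoded', 'x')";
try {
    $pdo->exec($concat);
    echo "concatenated query ran\n";
} catch (PDOException $e) {
    echo "concatenated query failed: ", $e->getMessage(), "\n";
}

// Steps 4-5 with placeholders: the values travel separately from the SQL
// text, so quotes and commas need no escaping and are stored unchanged.
$clean = validate($form);
$stmt  = $pdo->prepare('INSERT INTO people (name, email) VALUES (:name, :email)');
$stmt->execute($clean);

$row = $pdo->query('SELECT name FROM people')->fetch(PDO::FETCH_ASSOC);
echo "stored: ", $row['name'], "\n";

// Entity encoding is applied at output time, when writing into HTML.
echo "html:   ", htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), "\n";
```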