Re: [PHP] Temporary MySQL Tables
Perhaps you can check the data of the fields before it goes to the next form. For example, if (ereg("^.*[^a-zA-Z0-9\-].*$", $Username)) { die("Your username contains invalid characters. Only alphanumeric characters and dashes are allowed."); } Hope that helps. - Original Message - From: "Georgie Casey" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, March 21, 2002 3:09 PM Subject: [PHP] Temporary MySQL Tables > Hi, > > On my site now, there's a lengthy register process where the user has to > fill in 5 forms, one after the another. I get the PHP script to echo the > values from the previous into the next form by using > "; > ?> > for example. Then I keep carrying the information over to each extra form > until the user reaches the last page and I insert all the info into a table > called "tempmembers" with an extra timestamp field which I use to verify > email addresses. The user gets an email saying click here to verify your > membership with the username and timestamp in the URL. The users clicks it, > and I run a SQL command that copies the row from "tempmembers" into the > "members" table. > > This process worked well for a while until I discovered if users enter a > single or double quote into any of the fields, it fecks everything up. So I > added an addslashes command but it's all getting a bit hairy so I was > looking for some advice on MySQL temporary tables for either using after > every form or at the end of all the forms. > > Or does anyone have any other method I could use??? Thanks for any help > you might have. > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Temporary MySQL Tables
Couldn't you just use substr_replace and the html endcoding for a double quote (") ? "; ?> - Original Message - From: "Georgie Casey" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, March 21, 2002 2:09 PM Subject: [PHP] Temporary MySQL Tables > Hi, > > On my site now, there's a lengthy register process where the user has to > fill in 5 forms, one after the another. I get the PHP script to echo the > values from the previous into the next form by using > "; > ?> > for example. Then I keep carrying the information over to each extra form > until the user reaches the last page and I insert all the info into a table > called "tempmembers" with an extra timestamp field which I use to verify > email addresses. The user gets an email saying click here to verify your > membership with the username and timestamp in the URL. The users clicks it, > and I run a SQL command that copies the row from "tempmembers" into the > "members" table. > > This process worked well for a while until I discovered if users enter a > single or double quote into any of the fields, it fecks everything up. So I > added an addslashes command but it's all getting a bit hairy so I was > looking for some advice on MySQL temporary tables for either using after > every form or at the end of all the forms. > > Or does anyone have any other method I could use??? Thanks for any help > you might have. > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Temporary MySQL Tables
On Thu, 21 Mar 2002, Georgie Casey wrote: >-Hi, >- >-membership with the username and timestamp in the URL. The users clicks it, >-and I run a SQL command that copies the row from "tempmembers" into the >-"members" table. I assume you are building up all your fields as you move through the site. I would just perform an INSERT into your tempmebers table right away setting whatever fields you have at this point. Then as I pass through each data entry page, I would do UPDATES to that record updating only those new fields, leaving the old ones alone and thus preserved. This way you only have to pass a record ID and the new parameters on each page thus eliminating moving data through the URL. Yuk. Anyway, that's what I would do. >- >-This process worked well for a while until I discovered if users enter a >-single or double quote into any of the fields, it fecks everything up. So I >-added an addslashes command but it's all getting a bit hairy so I was >-looking for some advice on MySQL temporary tables for either using after >-every form or at the end of all the forms. >- >-Or does anyone have any other method I could use??? Thanks for any help >-you might have. >- >- >- >--- >-PHP General Mailing List (http://www.php.net/) >-To unsubscribe, visit: http://www.php.net/unsub.php >- ** John Huggins VANet [EMAIL PROTECTED] http://www.va.net/ ** -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php