OK, well, from what I understand from your question:
You use VALIDATION!!!
Which you should ALWAYS do. Remember the golden rule: NEVER TRUST THE USER!
Users can do all sorts of nasty things through forms and logins and everything else,
which is why you must protect it.
You should use mysql_real_escape_string(), which protects you from SQL injection.
So you should do:
PHP Code:
// escape the posted value if it is present, otherwise fall back to an empty string
$inputvar = (isset($_POST['input'])) ? mysql_real_escape_string($_POST['input'], $link_db) : '';
Then you can do something like:
if (!empty($input1) || !empty($input2))
{
    // insert it into your database
    mysql_query("insert into db ehrenek") or die();
}
else {
    echo "form not posted because input 1 and 2 are empty!!!";
}
I would advise adding a load more validation than that though; you should ensure beyond doubt that the info you are saving is what you want it to be.
If it's supposed to be a number, make sure it's a number (is_numeric); remove HTML from it unless it should have HTML. Basically, clean it as much as possible.
If you would like me to write the validation for your form(s), I would do it cheap.
Dan
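An added example, not code from the post above: the per-field validation it recommends (a number must be a number, HTML stripped from plain text), with the insert done through a PDO prepared statement in place of mysql_real_escape_string(), since the mysql_* extension was removed in PHP 7.0. The field names `age` and `comment`, the `entries` table, the length limits and the sample submissions are all assumptions made for illustration; it needs the pdo_sqlite extension.

```php
<?php
// Hypothetical names: form fields 'age' and 'comment', table 'entries'.
function validate_form(array $post): array
{
    $clean = $errors = [];
    // A field that is supposed to be a number: accept only an integer in range.
    $age = filter_var($post['age'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]);
    if ($age === false) {
        $errors[] = 'age must be a whole number between 0 and 150';
    } else {
        $clean['age'] = $age;
    }
    // A text field that should not carry HTML: strip tags, trim, bound the length.
    $comment = trim(strip_tags((string) ($post['comment'] ?? '')));
    if ($comment === '' || strlen($comment) > 500) {
        $errors[] = 'comment is required, at most 500 bytes';
    } else {
        $clean['comment'] = $comment;
    }
    return [$clean, $errors];
}

function save_entry(PDO $db, array $clean): void
{
    // Bound parameters keep the values out of the SQL text entirely.
    $stmt = $db->prepare('INSERT INTO entries (age, comment) VALUES (:age, :comment)');
    $stmt->execute([':age' => $clean['age'], ':comment' => $clean['comment']]);
}

// In-memory SQLite stands in for the real database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE entries (age INTEGER, comment TEXT)');

// Constructed sample submissions standing in for $_POST.
$samples = [
    ['age' => '34', 'comment' => 'Nice <b>site</b>'],
    ['age' => '27', 'comment' => "it's fine"],
    ['age' => '1; DROP TABLE entries', 'comment' => 'hello'],
];
foreach ($samples as $post) {
    [$clean, $errors] = validate_form($post);
    if ($errors) {
        echo 'rejected: ', implode('; ', $errors), "\n";
        continue;
    }
    save_entry($db, $clean);
    echo "saved: {$clean['age']} / {$clean['comment']}\n";
}
```

The third submission is rejected by the integer check before any SQL runs, and the apostrophe in the second is stored as-is without manual escaping.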