I'm using this:
[PHP]<?php
if (isset($_POST['submitted']))
{
    $city = htmlspecialchars($_POST['city']);
    if (!get_magic_quotes_gpc())
    {
        $city = addslashes($city);
    }
    $query = "INSERT INTO table VALUES ('', '$city');
    $result = mysql_query($query) or die('There was an error');
    if ($result)
        echo "<br>Entry Added!";
    footer(); // Include the HTML footer.
    exit();
    mysql_close();
}
?>
The form goes here.[/PHP]
Isn't this supposed to change the @ sign and put slashes before single quotations (')? When I look into my database I don't see where these have been changed. I'm not seeing a problem on the front side, but could it become a problem?
I've not allowed a user to submit data directly into my database before. I've always used a form-mail to have the user information sent to me, then I would put the data into the database. However, there is a time delay in doing it this way and I'd like the user to be able to edit his/her own information. Just want to have some sense of security though.
Why is this showing up in red?
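
Added example, not part of the original post: the backslashes from addslashes() exist only in the SQL text and MySQL's parser consumes them, so the stored row shows the plain quote, and htmlspecialchars() never touches @. The sketch below keeps the value out of the SQL text with a PDO prepared statement and HTML-escapes on output instead; the `cities` table, the function names and the sample input are assumptions, and in-memory SQLite stands in for MySQL so it runs offline.

```php
<?php
// Added example, not the poster's code. Table and function names are hypothetical.
// In-memory SQLite stands in for MySQL so the script runs without a server.

function store_city(PDO $db, string $city): int
{
    // The placeholder keeps the value out of the SQL text: no addslashes(),
    // no magic-quotes check, and a quote in the input cannot end the literal.
    $stmt = $db->prepare('INSERT INTO cities (city) VALUES (:city)');
    $stmt->execute([':city' => $city]);
    return (int) $db->lastInsertId();
}

function fetch_city(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT city FROM cities WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

function render_city(string $city): string
{
    // HTML-escape when printing the value, not before storing it.
    return htmlspecialchars($city, ENT_QUOTES, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cities (id INTEGER PRIMARY KEY, city TEXT NOT NULL)');

// Constructed sample input containing a quote, an @ sign and markup.
$input = "St. John's <b>@home</b>";

// What the two calls in the post do to the string before it reaches the query:
// addslashes() puts a backslash before the quote; htmlspecialchars() converts
// &, <, > and quotes to entities and leaves @ alone.
echo "addslashes:       ", addslashes($input), "\n";
echo "htmlspecialchars: ", htmlspecialchars($input, ENT_QUOTES, 'UTF-8'), "\n";

$id     = store_city($db, $input);
$stored = fetch_city($db, $id);

echo "stored:   ", $stored, "\n";
echo "intact:   ", var_export($stored === $input, true), "\n";
echo "rendered: ", render_city($stored), "\n";
```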