Hello
As the user may type strings that contain verboten characters like
apostrophes, I need to go through the $_POST[] array, and use
addslashes() on each and every item
But it doesn't make any difference:
==========
<?php
switch ($_POST['status']) {
case "Test":
print $_POST['dummy'] . "<p>\n";
foreach ($_POST as $key =$value)
$$key = addslashes($value);
print $_POST['dummy'] . "<p>\n";
$sql = sprintf("INSERT INTO mytable VALUES
('%s')",$_POST['dummy']);
print "$sql<p>";
/*
Bill's cigar
Bill's cigar
INSERT INTO mytable VALUES ('Bill's cigar')
*/
break;
default:
echo "<form method=post>";
echo "<input type=hidden name=dummy value=\"Bill's cigar\">";
echo "<input type=submit name=status value=Test>";
echo "</form>";
break;
}
?>
==========
What am I doing wrong?
Thank you.