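<?php
// Inserts one photo record (galleria_id, name, texto) into `eventogaleria`
// from a POST form and prints a short HTML status message.
//
// NOTE(review): no authentication or CSRF check is visible in this script —
// confirm it is enforced by whatever includes/routes to it before it runs.
// NOTE(review): the file as a whole still targets the legacy mysql_* extension
// (removed in PHP 7), so it is kept here rather than migrated to PDO/mysqli.

// Every value that reaches the query is escaped through sanitize(). The album
// id used to be interpolated raw from $_POST['cat'] — a direct SQL injection —
// so it now goes through the same escaping as the other two fields. Missing
// fields default to '' instead of leaving undefined variables in the query.
$galleria_id = isset($_POST['cat']) ? sanitize($_POST['cat']) : '';
$name = '';
$texto = '';
if (isset($_POST['name'])) {
    $name = sanitize($_POST['name']);
    $texto = isset($_POST['texto']) ? sanitize($_POST['texto']) : '';
}

// sanitize() relies on mysql_real_escape_string(), which needs an open mysql
// connection; that connection is assumed to come from an earlier include.
// The escaped values MUST stay inside single quotes for the escaping to hold.
$query = "INSERT INTO eventogaleria (galleria_id,name,texto)"
    . " VALUES ('$galleria_id','$name','$texto')";

// mysql_query() returns false on failure; die() stops the page with a generic
// message so the raw MySQL error text is never echoed to the client. Because
// `or die` halts on any falsy result, $result is always truthy past this line,
// so no separate failure branch is needed.
$result = mysql_query($query) or die('Unable to add product');
echo "<h2>Una Nueva Foto ha sido anadida al album</h2>\n";
?>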
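<?php
/**
 * Escape one request value for use inside a single-quoted MySQL string literal.
 *
 * This is SQL-literal escaping only: the caller must still wrap the result in
 * quotes in the query, and it is not a substitute for HTML, shell or URL
 * escaping of the same value in other contexts.
 *
 * @param string $data raw request value
 * @return string trimmed, MySQL-escaped value
 */
function sanitize($data)
{
    // Surrounding whitespace is not wanted in any of the stored fields.
    $data = trim($data);

    // Undo the backslashes magic_quotes_gpc adds, so the value is not escaped
    // twice below. get_magic_quotes_gpc() was removed in PHP 8, so only call it
    // where it still exists.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $data = stripslashes($data);
    }

    // mysql_real_escape_string() needs an open mysql connection. Without one it
    // returns false, which the callers would silently interpolate as an empty
    // string — fail loudly instead of writing corrupted rows.
    $escaped = mysql_real_escape_string($data);
    if ($escaped === false) {
        trigger_error('sanitize(): no MySQL connection available for escaping', E_USER_ERROR);
    }
    return $escaped;
}
?>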