Forums

The forums ran from 2008-2020 and are now closed and viewable here as an archive.


#171483
__
Participant

i used htmlspecialchars so i don’t get sql injection or something like that

In that case, re-read my post above: using htmlspecialchars will not prevent SQL injection. It has nothing at all to do with databases. Specifically, it will allow SQL injection.

How you go about preventing SQL injection will depend on what database you use and what PHP extension you use to connect to it. If you are using MySQLi or PDO, you should use prepared statements.

but this code …
print you have missed db field isn’t it ??? i want to print you have missed database field

I don’t know, specifically. It will print the name of the field in question. If you want more control over your error messages, you can create another array to hold them:

$error_messages = [
    "dbname" => "You have missed the database name field",
    "dbusername" => "You have missed the database username field",
    // etc. ..
];

and later:

foreach( $list as $fieldName ){
    if( empty( $_POST[$fieldName] ) ){
        $error[$fieldName] = $error_messages[$fieldName];
    }
}
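
The reply's point about htmlspecialchars versus prepared statements, as an added example that is not part of the original post. It assumes PDO with the pdo_sqlite driver; the `users` table, the sample input and the function names `findUnsafe` and `findSafe` are constructed for illustration.

```php
<?php
// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Constructed input standing in for a form field such as $_POST['id'].
// It contains none of the characters htmlspecialchars() rewrites.
$input = '1 OR 1=1';

// Before: htmlspecialchars() encodes & < > and quotes for HTML output only.
// The input passes through unchanged and becomes part of the WHERE clause,
// so the condition is true for every row in the table.
function findUnsafe(PDO $pdo, string $id): array
{
    $escaped = htmlspecialchars($id);
    $sql = "SELECT name FROM users WHERE id = $escaped";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After: the query text is fixed and the value is bound as a parameter.
// The database compares id against the whole string as data; it is never
// parsed as SQL, so the same input matches no row.
function findSafe(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Shows that HTML escaping left the input untouched.
var_dump(htmlspecialchars($input) === $input);

echo "string-built query:\n";
print_r(findUnsafe($pdo, $input));

echo "prepared statement, same input:\n";
print_r(findSafe($pdo, $input));

echo "prepared statement, ordinary input:\n";
print_r(findSafe($pdo, '1'));
```

htmlspecialchars still has a job, but at output time: apply it when echoing a stored value into an HTML page, not when building the query.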