-1

Am using the following code to protect SQL injection will this work

  • am using this in net beans am getting error in $_POST the error is do not access supergloab $_post directly how do i solve this WARNING MESSAGE

    $place = mysql_real_escape_string($_POST['place']);
$product = mysql_real_escape_string($_POST['product']);
$type = mysql_real_escape_string($_POST['type']);
$title = mysql_real_escape_string($_POST['title']);
$detail = mysql_real_escape_string($_POST['detail']);
$mobilebrand = mysql_real_escape_string($_POST['mobilebrand']);
$mobilemodel = mysql_real_escape_string($_POST['mobilemodel']);
$mobilecond = mysql_real_escape_string($_POST['mobilecond']);
$price = mysql_real_escape_string($_POST['price']);
$location = mysql_real_escape_string($_POST['location']);
$description = mysql_real_escape_string($_POST['description']);
$youare = mysql_real_escape_string($_POST['youare']);
$name = mysql_real_escape_string($_POST['name']);
$email = mysql_real_escape_string($_POST['email']);
$phonenumber = mysql_real_escape_string($_POST['phonenumber']);
sanoj lawrence
  • 951
  • 5
  • 29
  • 69
  • 1
    Try [Prepared statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) Or [PDO](http://php.net/manual/en/book.pdo.php). Also mysql extension is [deprecated](http://stackoverflow.com/questions/13944956) as of PHP 5.5.0, and will be removed in the future. – bansi Sep 23 '14 at 16:09

1 Answers1

2

Do it like this:

$place = filter_input(INPUT_POST, $_POST["place"]);
...
Sergey6116
  • 124
  • 5