That will take each posted string and escape special characters for insertion into the current database. I should have specified to insert at the top after the database connection is established.
You're already using quotes so unless there's a hole in that PHP function you should be fine.
You could also add some preg_replace lines to strip out any characters that aren't allowed in any given field.
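A sketch of the per-field `preg_replace` stripping suggested above, as an added example that is not code from this thread. The field names, the allow-list rules and the sample input are assumptions made for illustration; the stripped values would still go through the escaping step described in the post before being placed in a query.

```php
<?php
// Hypothetical per-field rules: each pattern matches the characters that are
// NOT allowed in that field, so preg_replace() can delete them.
$disallowed = [
    'username' => '/[^A-Za-z0-9_]/',                     // letters, digits, underscore
    'email'    => '/[^A-Za-z0-9@._+\-]/',                // common address characters
    'age'      => '/[^0-9]/',                            // digits only
    'comment'  => '/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/',  // drop control characters
];

/**
 * Return only the fields that have a rule, with disallowed characters removed.
 * Fields without a rule are dropped rather than passed through unchecked.
 */
function clean_fields(array $input, array $rules): array
{
    $clean = [];
    foreach ($rules as $field => $pattern) {
        $value = $input[$field] ?? '';
        // A request can submit field[]=x, which arrives as an array, not a string.
        if (!is_string($value)) {
            $value = '';
        }
        $stripped = preg_replace($pattern, '', $value);
        // preg_replace() returns null on a regex error; treat that as empty.
        $clean[$field] = $stripped === null ? '' : $stripped;
    }
    return $clean;
}

// Constructed sample input standing in for $_POST.
$post = [
    'username' => "alice'; --",
    'email'    => 'alice@example.com',
    'age'      => '42 or 1=1',
    'comment'  => "Nice post\x00!",
    'extra'    => 'not in the rule list',
];

print_r(clean_fields($post, $disallowed));
```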