Codice PHP:
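/**
 * Clean up a single form value before it is stored.
 *
 * This is presentation-level clean-up only. It is not a defence against
 * SQL injection; that has to come from bound query parameters.
 *
 * Because the value is HTML-encoded here, it must not be encoded a second
 * time when it is printed, or entities will be double-encoded.
 *
 * @param mixed $val Raw value, typically taken from a submitted form.
 * @return string The trimmed, HTML-encoded value.
 */
public function sanitize($val) {
    // Cast first so a missing (null) optional field becomes an empty string.
    $val = trim((string) $val);
    // Explicit flags: encode both quote styles and replace invalid byte
    // sequences instead of returning an empty string.
    $val = htmlentities($val, ENT_QUOTES | ENT_SUBSTITUTE);
    $val = stripslashes($val);
    // After htmlentities() every '<' is already "&lt;", so strip_tags()
    // finds no tags to remove; it is kept as in the original chain.
    $val = strip_tags($val);

    // The original dropped the result: $val is passed by value, so without
    // this return every caller received null.
    return $val;
}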
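/**
 * Insert one row into the `contatti` table and redirect to index.php.
 *
 * All values are bound through PDO placeholders, so the statement text never
 * contains user data. No extra SQL escaping (for example
 * mysql_real_escape_string) is needed; adding it would only store stray
 * backslashes.
 *
 * On success a Location header is queued. The method does not exit, so the
 * caller keeps running and must not send output before the redirect.
 * On a PDOException the script is terminated.
 *
 * @param mixed $nome         First name.
 * @param mixed $cognome      Last name.
 * @param mixed $data_nascita Date of birth.
 * @param mixed $cel          Mobile number.
 * @param mixed $tel          Phone number.
 * @param mixed $fax          Fax number.
 * @param mixed $soc          Company.
 * @param mixed $carica       Role in the company.
 * @param mixed $email1       Primary e-mail.
 * @param mixed $email2       Secondary e-mail.
 * @param mixed $sito         Web site.
 * @param mixed $casa         Home address.
 * @param mixed $uff          Office address.
 * @return void
 */
public function insert($nome, $cognome, $data_nascita, $cel, $tel, $fax, $soc, $carica, $email1, $email2, $sito, $casa, $uff) {
    $sql = "INSERT INTO contatti (nome, cognome, data_nascita, cellulare, telefono, fax, societa, carica, email_1, email_2, sito_web, indirizzo_casa, indirizzo_uff) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?)";
    try {
        $prepare = $this->pdo->prepare($sql);
        // sanitize() is a method of this class. The original called it as a
        // global function, which fails with "undefined function".
        $prepare->execute(array_map(array($this, 'sanitize'), array(
            $nome,
            $cognome,
            $data_nascita,
            $cel,
            $tel,
            $fax,
            $soc,
            $carica,
            $email1,
            $email2,
            $sito,
            $casa,
            $uff
        )));
        header('location:index.php');
    } catch (PDOException $e) {
        // Keep driver details (table names, SQL fragments) out of the page:
        // log them server-side and show the visitor a generic message.
        // NOTE(review): this branch is reached only if the PDO handle uses
        // PDO::ERRMODE_EXCEPTION - confirm where $this->pdo is created.
        error_log('contatti insert failed: ' . $e->getMessage());
        print "Error!: could not save the contact.\n";
        die();
    }
}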
Non so se metterci anche mysql_real_escape_string().