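// Reduce SQL-injection exposure by escaping every request parameter in place.
//
// NOTE(review): this is a blanket filter, not a complete defence.
//  - mysql_real_escape_string() only protects values that end up inside a
//    quoted string literal in the SQL text. A value used unquoted (numeric
//    id, column name, ORDER BY, LIMIT) is still injectable after escaping.
//  - The function belongs to ext/mysql, which was removed in PHP 7.0. On
//    current PHP, use PDO or mysqli prepared statements with bound parameters
//    at each query instead of rewriting the superglobals.
//  - With no link argument it relies on an already-open MySQL connection, so
//    this block presumably has to run after the connect call — confirm.
//  - Rewriting $_GET/$_POST globally also alters values later used outside
//    SQL (HTML output, e-mail, logs), which then carry stray backslashes.
//  - Array-valued parameters (e.g. ?a[]=x) are not strings; verify how the
//    rest of the application treats them.

// Escape the variables passed in the URL.
// The key must be bound in the loop header: the original iterated
// "as $valor" and then indexed with an undefined $variable.
foreach ($_GET as $variable => $valor) {
    // As shown on the page this swaps an apostrophe for an apostrophe (a
    // no-op); the replacement text was presumably lost when the page was
    // rendered — confirm against the original source.
    $valor = str_replace("'", "'", $valor);
    $_GET[$variable] = mysql_real_escape_string($valor);
}

// Escape the variables submitted by forms.
foreach ($_POST as $variable => $valor) {
    $valor = str_replace("'", "'", $valor);
    // Escape the POST value itself; the original read from $_GET here, which
    // discarded the submitted value and left the form data unescaped.
    $_POST[$variable] = mysql_real_escape_string($valor);
}
?>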