// Evitamos la inyeccion SQL // Modificamos las variables pasadas por URL foreach( $_GET as $valor ){ $_GET [ $variable ] = str_replace ( "'" , "'" , $_GET [ $variable ]); $_GET [ $variable ] = mysql_real_escape_string($_GET [ $variable ]) } // Modificamos las variables de formularios foreach( $_POST as $valor ){ $_POST [ $variable ] = str_replace ( "'" , "'" , $_POST [ $variable ]); $_POST [ $variable ] = mysql_real_escape_string($_GET [ $variable ]) } ?>
+34 948 646 550
50.45€
47.10€