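<?php
include 'functions.php';

// Loot-report endpoint: when called with type=loot, stores one row in
// test_loots built from the item, itemid, itemimage, enemies and players
// query-string parameters.
//
// Security notes:
// - htmlspecialchars() is an HTML-output encoder, not an SQL escaper. With its
//   default flags under PHP versions that still ship ext/mysql it leaves
//   single quotes untouched, and it never touches backslashes, so on its own
//   it does not stop a request value from breaking out of the quoted SQL
//   literal. Each value is therefore also passed through
//   mysql_real_escape_string() before it is placed in the statement.
// - The htmlspecialchars() call is kept so rows are stored in the same
//   HTML-encoded form as before; whatever renders these rows may depend on it.
// - NOTE(review): mysql_real_escape_string() needs an open connection,
//   presumably created in functions.php, and is only reliable when the
//   connection charset was set with mysql_set_charset() - confirm.
// - NOTE(review): ext/mysql was removed in PHP 7.0. When this file is ported,
//   use a mysqli or PDO prepared statement with bound parameters instead of
//   string-built SQL.
// - NOTE(review): this writes to the database on a GET request with no
//   authentication visible in this file - confirm whether functions.php
//   enforces any.

$typ = isset($_GET['type']) ? $_GET['type'] : '';

if ($typ === 'loot') {
    $fields = array('itemid', 'itemimage', 'enemies', 'players', 'item');
    $values = array();

    foreach ($fields as $field) {
        // Missing or non-string (array) parameters are stored as an empty
        // string, matching what the original produced, without notices.
        $raw = (isset($_GET[$field]) && is_string($_GET[$field])) ? $_GET[$field] : '';
        $values[$field] = mysql_real_escape_string(htmlspecialchars($raw));
    }

    $sql = "INSERT INTO test_loots (itemid, itemimage, enemies, players, item) VALUES ('"
        . $values['itemid'] . "', '"
        . $values['itemimage'] . "', '"
        . $values['enemies'] . "', '"
        . $values['players'] . "', '"
        . $values['item'] . "')";

    if (mysql_query($sql) === false) {
        // Record the failure server-side; database errors are not echoed to
        // the client.
        error_log('test_loots insert failed: ' . mysql_error());
    }
}
?>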