Is it possible to escape a whole query instead of each searched field. For example I know I can do it like this:
$name="O'Connor";
$email="mark.O'Connor@something.com";
$name=mysql_real_escape_string($name);
$email=mysql_real_escape_string($email);
$query =("SELECT * FROM TABLE1 WHERE Name = '$name' OR Email = '$email' ");
// code to run query here
What I am looking for is a way to build my query string like this :
$query=("SELECT * FROM TABLE1 WHERE Name = '$name' OR Email = '$email' ");
$query=mysql_real_escape_string($query); // Can I escape the whole Query ??
// code to run query here
My reason for asking this Is I have a complex query which is using at around 15 variables from a form and I want to clean them all at once instead of using loads of mysql_real_escape($vairableName)...
Is this possible and can anyone exlplain how I can acheive this
Thanks in advance