php how insert 6 array from one form to database [duplicate]

php mysqli

Solution 1:

You need to use prepared statements in order to avoid errors and vulnerabilities of all sorts and also to get some minor performance gain

$stmt = $db->prepare("UPDATE site_email_templates SET Content=? WHERE ID = ?");
$stmt->bind_param("ss", $content, $id);
foreach ($postdata as $id => $content)
{
    $stmt->execute();
}

Reference: How can I prevent SQL injection in PHP?

Solution 2:

Note: My answer is based on the PDO driver which in many aspects is better than mysqli. If you need mysqli solution please check the other answer provided by @Your Common Sense

The code below is tested on real environment and served with prepared statement preventing SQL-injection:

$sql = "UPDATE `site_email_templates` SET `Content` = (:content) WHERE `Id` = (:id)";
$stmt = $dbConn->prepare($sql);
foreach ($postdata as $id => $content)
{
    $stmt->execute([':id' => $id, ':content' => $content]);
}

For more details about SQL injection you can read more:
https://www.owasp.org/index.php/SQL_Injection

Related

How can I set the destination to "anywhere" in the iptables?
Cubic custom ISO which executes shell script at startup
Why do we need Wayland (or X)? [duplicate]
How do i click popup save button using seleium python?
how to generate random number [closed]
Apache file ownership and envvars
What kind of machine can I use to install Linux Ubuntu? [closed]
What is the min. size of the Hard Drive to install Ubuntu? I am a new user
Can't migrate or makemigrations while trying to runserver
Glasswire alternative for Ubuntu?
How do I create a script file for terminal commands that require sudo permissions
Change icon of stand alone application, (AppImage)