Jump to content

Monsignor

New Members
  • Posts

    3
  • Joined

  • Last visited

    Never

Profile Information

  • Gender
    Not Telling

Monsignor's Achievements

Newbie

Newbie (1/5)

0

Reputation

  1. I see. Thank you very much for clearing that up for me.
  2. From what I understand, it's supposed to add a backslash in front of each quote so as to prevent injection. My problem is, why doesn't it?
  3. Hello all, I'm trying to clean up some user input for my database but the mysql_real_escape_string function doesn't seem to work, and neither does addslashes(). I've browsed the net and made sure I'm connected to the database before the function is called. I can't figure out what I'm doing wrong. Here's the relevant part of the code: <?php mysql_connect("localhost","adminname","adminpassword") or die (mysql_error()); mysql_select_db("databasename") or die (mysql_error()); $comment=mysql_real_escape_string($_POST['commentbox']); ?> ...and then the result is put into the database along with some other data. The database entry is correct, except, when I check the database or echo the result I get the same thing that was entered into 'commentbox'. For instance, if I enter "I am very 'confused' by this" into the box, the same string will be found in the database table. No slashes, just quotes. Anyone have an idea what's wrong with this? Because it all seems simple and correct but doesn't work.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.