Jump to content

Search the Community

Showing results for tags 'mysql_real_escape_string'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Welcome to PHP Freaks
    • Announcements
    • Introductions
  • PHP Coding
    • PHP Coding Help
    • Regex Help
    • Third Party Scripts
    • FAQ/Code Snippet Repository
  • SQL / Database
    • MySQL Help
    • PostgreSQL
    • Microsoft SQL - MSSQL
    • Other RDBMS and SQL dialects
  • Client Side
    • HTML Help
    • CSS Help
    • Javascript Help
    • Other
  • Applications and Frameworks
    • Applications
    • Frameworks
    • Other Libraries
  • Web Server Administration
    • PHP Installation and Configuration
    • Linux
    • Apache HTTP Server
    • Microsoft IIS
    • Other Web Server Software
  • Other
    • Application Design
    • Other Programming Languages
    • Editor Help (PhpStorm, VS Code, etc)
    • Website Critique
    • Beta Test Your Stuff!
  • Freelance, Contracts, Employment, etc.
    • Services Offered
    • Job Offerings
  • General Discussion
    • PHPFreaks.com Website Feedback
    • Miscellaneous

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL








Donation Link

Found 4 results

  1. Good morning, I am trying to implement a simple sanitization of data before inserting in my database and am having a little trouble due to the fact that I am using a third party script that is accessing posted variables in a way that is unfamiliar to me... here's the data. The problem area is red. The form simply hangs up when submitted. I have used this method in the past, but not with an object operator. // insert into database $servername = "localhost"; $username = "psychtoo_richart"; $password = "mypassword"; $dbname = "mydatabase"; $fname = mysql_real_escape_string($easyForm->field['fname']['value']); $lname = $easyForm->field['lname']['value']; $title = $easyForm->field['title']['value']; $agency = $easyForm->field['agency']['value']; $telephone = $easyForm->field['telephone']['value']; $interest = $easyForm->field['interest']['value']; $email = $easyForm->field['email']['value']; // Create connection $conn = new mysqli($servername, $username, $password, $dbname); // Check connection if ($conn->connect_error) { die("Connection failed: " . $conn->connect_error); } // sql statement $sql= "INSERT INTO registration (registration_date, fname, lname, title, agency, phone, interest, email) VALUES (NOW(), '$fname', '$lname', '$title', '$agency', '$telephone', '$interest2', '$email' )"; $conn->query($sql); $conn->close();
  2. I'm trying to pass a NULL to a stored procedure in a PHP script to MySQL, and I am scrubbing the variables using mysql_real_escape_string, but the NULLs that are passed are giving me problems. My script should look like this: call spMyStoredProc(1,2,NULL,'username'); but unfortunately I get: call spMyStoredProc(1,2,,'username'); I am wondering if I want to move away from using mysql_real_escape_string, and possibly write my own function? Anybody have any ideas? thanks, Frank C
  3. "What's new to the site?" shows up as "What\'s new to the site?". Why is this? How can I prevent this? How it is ran through the site: $pagetitle = mysqli_real_escape_string ($mysqli, $pagetitle); $pagetitle = cleansafelynow($pagetitle); I did google this problem and nothing seemed to help me. It shows up fine when not going through mysqli_real_escape_string. The function used: function cleansafelynow($var) { if (@get_magic_quotes_gpc()) {stripslashes($var);} strip_tags($var); htmlspecialchars($var, ENT_QUOTES); return $var; } I also tried stripshlashes() alone and not going through the if statement and it remains the same. Is there something I can do to remove all backslashes possibly? Or maybe a different way to accomplish this? magic_quotes_gpc, magic_quotes_runtime, and magic_quotes_sybase are all off.
  4. Hi, I am trying to insert data into MySQL. Input data is sometimes not very neat. For example "com – What". When I added addslashes, mysql_real_escape_string, I expected that these non standards characters be inserted as-is or with escape sequences. When I perform inserts, data in MySQL DB looks strange. For example, above example (com – What) transformed into "com – What". "didn’t stop" is not being escaped as "didn\nt stop". How do I make sure that data in MySQL database is proper and as expected?
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.