tfburges Posted July 2, 2008 Share Posted July 2, 2008 I must not understand exactly how this function works because I've tried everything I've found on the net and it just isn't working. I don't understand why I would have to use anything beyond the following code: $report_name = mysql_real_escape_string($_POST['report_name']); $section_name = mysql_real_escape_string($_POST['section_list']); $section_name = mysql_real_escape_string($_POST['section_name']); $field_desc = mysql_real_escape_string($_POST['field_desc']); $input_name = mysql_real_escape_string($_POST['input_name']); $preset = mysql_real_escape_string($_POST['preset']); $field_type = mysql_real_escape_string($_POST['field_type']); $unit_type = mysql_real_escape_string($_POST['unit_type']); $required = (isset($_POST['required']) && $_POST['required'] == '1')? 1 : 0; $add_preset = (isset($_POST['add_preset']) && $_POST['add_preset'] == '1')? 1 : 0; $preset_name = mysql_real_escape_string($_POST['preset_name']); $query_reports = "INSERT INTO reports VALUES ('$report_name','$section_name','$field_desc','$input_name','$preset','$field_type','$unit_type','$required','$add_preset','$preset_name')"; mysql_query($query_reports,$link) or die ('MYSQL error: ' . mysql_error()); Of course, nothing gets inserted into the database when an apostrophe is used; but again, I don't understand why. I thought mysql_real_escape_string was supposed to solve that problem. Link to comment https://forums.phpfreaks.com/topic/112941-solved-mysql_real_escape_string/ Share on other sites More sharing options...
PFMaBiSmAd Posted July 2, 2008 Share Posted July 2, 2008 it just isn't working.Well what is happening? Link to comment https://forums.phpfreaks.com/topic/112941-solved-mysql_real_escape_string/#findComment-580153 Share on other sites More sharing options...
mbeals Posted July 2, 2008 Share Posted July 2, 2008 do echo $query_reports; and post the result Link to comment https://forums.phpfreaks.com/topic/112941-solved-mysql_real_escape_string/#findComment-580162 Share on other sites More sharing options...
tfburges Posted July 2, 2008 Author Share Posted July 2, 2008 do echo $query_reports; and post the result Thank you! This helped me figure out what was wrong immediately. The data actually was being inserted, but I was moving the distinct rows to another table and wasn't using another mysql_real_escape_string to do so, so it wasn't being inserted into the latter table. I surrounded mysql_result() with mysql_real_escape_string() and it works great now. Thanks again! Link to comment https://forums.phpfreaks.com/topic/112941-solved-mysql_real_escape_string/#findComment-580175 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.