[SOLVED] mysql_real_escape_string

[tfburges]

I must not understand exactly how this function works because I've tried everything I've found on the net and it just isn't working.

 

 

I don't understand why I would have to use anything beyond the following code:

$report_name = mysql_real_escape_string($_POST['report_name']);
$section_name = mysql_real_escape_string($_POST['section_list']);
$section_name = mysql_real_escape_string($_POST['section_name']);
$field_desc = mysql_real_escape_string($_POST['field_desc']);
$input_name = mysql_real_escape_string($_POST['input_name']);
$preset = mysql_real_escape_string($_POST['preset']);
$field_type = mysql_real_escape_string($_POST['field_type']);
$unit_type = mysql_real_escape_string($_POST['unit_type']);
$required = (isset($_POST['required']) && $_POST['required'] == '1')? 1 : 0;
$add_preset = (isset($_POST['add_preset']) && $_POST['add_preset'] == '1')? 1 : 0;
$preset_name = mysql_real_escape_string($_POST['preset_name']);
$query_reports = "INSERT INTO reports VALUES ('$report_name','$section_name','$field_desc','$input_name','$preset','$field_type','$unit_type','$required','$add_preset','$preset_name')";
mysql_query($query_reports,$link) or die ('MYSQL error: ' . mysql_error());

Of course, nothing gets inserted into the database when an apostrophe is used; but again, I don't understand why.  I thought mysql_real_escape_string was supposed to solve that problem.

[PFMaBiSmAd]

it just isn't working.

Well what is happening?

[mbeals]

do

 

echo $query_reports;

 

and post the result

[tfburges]

do

 

echo $query_reports;

 

and post the result

Thank you!  This helped me figure out what was wrong immediately.  The data actually was being inserted, but I was moving the distinct rows to another table and wasn't using another mysql_real_escape_string to do so, so it wasn't being inserted into the latter table.

 

I surrounded mysql_result() with mysql_real_escape_string() and it works great now.

 

Thanks again!