coutts Posted August 18, 2008 Share Posted August 18, 2008 Hi can anyone tell me why the following code fails ie doesnt work, obviously I have a syntax problem but I have limited knowledge to fix it - I do BTW have an active connection by this stage of the code Thanks Robert $sql="INSERT INTO my_table (ID, username, approved, composition) VALUES ('',mysql_real_escape_string($_POST['username']),mysql_real_escape_string($_POST['approved']),mysql_real_escape_string($_POST['composition']))"; Link to comment https://forums.phpfreaks.com/topic/120229-solved-mysql_real_escape_string-with-post/ Share on other sites More sharing options...
Mchl Posted August 18, 2008 Share Posted August 18, 2008 You can't call functions within "" quotes. Link to comment https://forums.phpfreaks.com/topic/120229-solved-mysql_real_escape_string-with-post/#findComment-619339 Share on other sites More sharing options...
coutts Posted August 18, 2008 Author Share Posted August 18, 2008 This did work until I started adding the mysql_real_escape_string even with the quotes although this reminds me on another problem that I was instructed not to use "" to make a variable out of aN SQL string and then try to run it. What would you suggest. Link to comment https://forums.phpfreaks.com/topic/120229-solved-mysql_real_escape_string-with-post/#findComment-619344 Share on other sites More sharing options...
Mchl Posted August 18, 2008 Share Posted August 18, 2008 (at least) Two solutions are possible: 1st $username = mysql_real_escape_string($_POST['username']); $approved = mysql_real_escape_string($_POST['approved']); $composition = mysql_real_escape_string($_POST['composition']); $sql="INSERT INTO my_table (ID, username, approved, composition) VALUES ('','$username','$approved','$composition')"; 2nd $sql="INSERT INTO my_table (ID, username, approved, composition) VALUES ('','".mysql_real_escape_string($_POST['username'])."','".mysql_real_escape_string($_POST['approved'])."','".mysql_real_escape_string($_POST['composition'])."')"; In general, you cannot do someting like this: $var = "mysql_real_escape_string($argument)"; Only variables are recognized within "" quotes. Functions are not. Link to comment https://forums.phpfreaks.com/topic/120229-solved-mysql_real_escape_string-with-post/#findComment-619350 Share on other sites More sharing options...
coutts Posted August 18, 2008 Author Share Posted August 18, 2008 I used example #1 as I did have a page made up like that which hadnt been working either - but I could see from your example what the problem was. As a VB programmer this is quite a switch to using server side languages such as PHP and SQL database - VB is simpler Thanks for your help Rob Link to comment https://forums.phpfreaks.com/topic/120229-solved-mysql_real_escape_string-with-post/#findComment-619361 Share on other sites More sharing options...
Mchl Posted August 18, 2008 Share Posted August 18, 2008 I never could get used to VB... It wasn't simple to me at all... Link to comment https://forums.phpfreaks.com/topic/120229-solved-mysql_real_escape_string-with-post/#findComment-619433 Share on other sites More sharing options...
coutts Posted August 18, 2008 Author Share Posted August 18, 2008 I think if you start programming using VB its simpler - if you start with any other language it isnt. I think most languages share some of the same syntax and basic structure - VB is totally different so I dont think it is a good starter language Link to comment https://forums.phpfreaks.com/topic/120229-solved-mysql_real_escape_string-with-post/#findComment-619441 Share on other sites More sharing options...
Mchl Posted August 18, 2008 Share Posted August 18, 2008 I started with BASIC... but it has nothing to do with VB Link to comment https://forums.phpfreaks.com/topic/120229-solved-mysql_real_escape_string-with-post/#findComment-619446 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.