problems with mysql_escape_string

[skateme]

I was reading about mysql_escape_strings and how they're much more secure than just calling a variable using $_POST. I tried it out in my code but I always get an error saying:

 

Use of undefined constant 'delete' - assumed 'delete' in .......... on line 9

 

How do I fix this error? This is my code

 

$delete = mysql_query("delete from mytable where user='".mysql_escape_string($_REQUEST[delete])."'",$c);
$delete;

 

To simplify reading, the code is: where user = quote double-quote . mysql_escape_string($_REQUEST[delete]). double-quote quote double-quote

 

I also have another question. How do I store timestamps in my database? When I'm updating/inserting a new entry I just put ' ' for the value of timestamp but it doesn't work.

 

Thanks in advance!

[pocobueno1388]

It's mysql_real_escape_string(), not mysql_escape_string().

 

Try

$delete = mysql_query("DELETE FROM mytable WHERE user='".mysql_real_escape_string($_REQUEST['delete'])."'",$c);

 

Also, what is the point of the line below the query? I don't understand why you just have $delete there.

[skateme]

Thanks for the reply but I got an error:

 

Fatal error: Call to undefined function  mysql_query() in ........... on line 8

 

When I removed the single quotes from $_REQUEST['delete'] and changed the query to all lowercase, that error was gone. Instead I was left with the original error:

 

Use of undefined constant 'delete' - assumed 'delete' in .......... on line 8

 

 

Any ideas?

[fenway]

You sure mysql is correctly configured?