Jump to content

problems with mysql_escape_string


skateme

Recommended Posts

I was reading about mysql_escape_strings and how they're much more secure than just calling a variable using $_POST. I tried it out in my code but I always get an error saying:

 

Use of undefined constant 'delete' - assumed 'delete' in .......... on line 9

 

How do I fix this error? This is my code

 

$delete = mysql_query("delete from mytable where user='".mysql_escape_string($_REQUEST[delete])."'",$c);
$delete;

 

To simplify reading, the code is: where user = quote double-quote . mysql_escape_string($_REQUEST[delete]). double-quote quote double-quote

 

I also have another question. How do I store timestamps in my database? When I'm updating/inserting a new entry I just put ' ' for the value of timestamp but it doesn't work.

 

Thanks in advance!

Link to comment
https://forums.phpfreaks.com/topic/126154-problems-with-mysql_escape_string/
Share on other sites

It's mysql_real_escape_string(), not mysql_escape_string().

 

Try

$delete = mysql_query("DELETE FROM mytable WHERE user='".mysql_real_escape_string($_REQUEST['delete'])."'",$c);

 

Also, what is the point of the line below the query? I don't understand why you just have $delete there.

Thanks for the reply but I got an error:

 

Fatal error: Call to undefined function  mysql_query() in ........... on line 8

 

When I removed the single quotes from $_REQUEST['delete'] and changed the query to all lowercase, that error was gone. Instead I was left with the original error:

 

Use of undefined constant 'delete' - assumed 'delete' in .......... on line 8

 

 

Any ideas?

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.