[SOLVED] More escaping problems - on UPDATE statement

[cclark40]

I am rather confused as I have one page that works and this one which appears to be technically the same but will not UPDATE when the update string contains a '.  Works fine when the string has no ' in it.

 

I have checked with echo "$clubwhen1update";  and the ' appears in the string that shows there so it is coming through the form OK and picking up the variable but the UPDATE just does nothing - no error message but data not updated.  Is there anything I can do to get the UPDATE working to put say    Rick O'Shea  as a string into the database (I have no escaping problems when displaying the data so would rather avoid using \ in the database and stripslashes.  Thanks...

 

 

$clubwhen1update =$_POST['clubwhen1update'];

 

$query="UPDATE clubs SET

clubwhen1='$clubwhen1update'

WHERE clubname='$clubnameclicked'";

[Gulsaes]

Hey

 

Can we assume that you are doing

after your $query variable ?

 

$update = mysql_query($query) or die(mysql_error());

 

 

also is there a value in $clubnameclicked.

[Mchl]

Just use mysql_real_escape_string

[cclark40]

mchl - won't that put a \ in front of the '  ?

[Mchl]

There's no other simple way you can insert ' into a database. End when you get data from database end echo it out, these slashes won't be rendered anyway.

[cclark40]

Cool - that works fine.  Previously I had a problem where it kept adding additional slashes each time users updated but it doesn't seem to do that now.

 

Now I just need to work why how my other page works fine without mysql_real_escape_string()  !!!

 

THANKS

[Mchl]

Maybe you have magic quotes or some other configuration option like that enabled there.