[SOLVED] mysql_real_escape_string problem

[kevinkhan]

ok when i run this script i get this error

 

_______________

 

Subject creation failed.

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's', 20, 1 )' at line 4

 

_________________

 

Shouldnt the funtion automatically insert escaping slashes into the variable $menu_name ???

 

If i set $menu_name = kevin it works perfectly...

 

What could be the problem??

 

 

 

 

 

<?php ob_start(); ?>
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php
function mysql_prep($value)
  {
    $magic_quotes_active = get_magic_quotes_gpc();
    $new_enough_php = function_exists( "mysql_real_escape_string" ); 
    // i.e. PHP > v4.3.0
    
    if($new_enough_php) 
      {
      // PHP v4.3.0 or higher.
      // undo any magic quote effects so mysql_real_escape_string can do the work
        if($magic_quotes_active)
          {
          $value = stripslashes($value);
          }
          $value = mysql_real_escape_string($value);
      }
        else
          {
          // before PHP v4.3.0
          // if magic quotes aren't already on then add slashes manually
            if(!$magic_quotes_active)
              {
              $value = addslashes($value);
              }
            // if magic quotes are active, then the slashes already exist
          }
          return $value;
  }
  
  
  
  $menu_name = "kevin's";
  $position = 20;
  $visible = 1;
  
  mysql_prep($menu_name);


$query = "INSERT INTO subjects (
              menu_name, position, visible
              ) VALUES (
                '{$menu_name}', {$position}, {$visible}
              )";
        if(mysql_query($query
        ))
          {
            // Success
            header("Location: content.php");
            exit; 
            // always need exit when sending header information
          }
        else
          {
          // Display error message
          echo "<p>Subject creation failed.</p>";
          echo "<p>" . mysql_error() . "</p>";
          }


?>

[Mchl]

Why run a  function when you don't use it's result?

 

$menu_name = mysql_prep($menu_name);

[kevinkhan]

Thats brilliant thanks

 

Keep forgetting to set the result as a variable......

[Mchl]

Do you seriously expect to find a pre 4.3 hosting somewhere?

[kevinkhan]

probably not thinking about it..

 

Im just trying to learn php at the moment so im trying lots of things...

[Mchl]

Oh...

PHP 4.3.0 was released in December 2002. Just letting you know

http://www.php.net/ChangeLog-4.php#4.3.0

[kevinkhan]

ohh....

 

Can safely leave out this piece of code so

 

Thanks for your help...

 

How do you put solved in the topic.. cant seem to find the option anywhere

[Mchl]

Should be at the bottom on the left side.

[kevinkhan]

Thank you