NLCJ Posted May 3, 2010 Share Posted May 3, 2010 Hello, I've run into another (simple) problem. Lets say I've got this: $variable1 = "12"; $variable2 = "Testin' this system"; mysql_query("INSERT INTO tablename ('id', 'name') VALUES ('".$variable1."', '".$variable2."')"); That will look like this: mysql_query("INSERT INTO tablename ('id', 'name') VALUES ('12', 'Testin' this system'"); So, how do I get this right into the database? Regards, Quote Link to comment Share on other sites More sharing options...
trq Posted May 3, 2010 Share Posted May 3, 2010 mysql_real_escape_string should be used on ALL user inputted data in EVERY query. Quote Link to comment Share on other sites More sharing options...
NLCJ Posted May 3, 2010 Author Share Posted May 3, 2010 mysql_real_escape_string should be used on ALL user inputted data in EVERY query. I know, but I don't want that there comes a \'... I trust this source 100% so that will be fine... Quote Link to comment Share on other sites More sharing options...
Mchl Posted May 3, 2010 Share Posted May 3, 2010 mysql_real_escape_string should be used on ALL user inputted data in EVERY query. I know, but I don't want that there comes a \'... I trust this source 100% so that will be fine... Well then, there's only magick left for you... A \ will not be saved to database, so I don't know why you might not like it. Quote Link to comment Share on other sites More sharing options...
NLCJ Posted May 3, 2010 Author Share Posted May 3, 2010 Thank you! Dumb me... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.