
mysql_escape_string causes page to be littered with 'rn'.


bertieboy_93


I have an update script which receives some text from a session variable and updates an entry in the database with it. Apostrophes were upsetting it. I have been told to use stripslashes and mysql_escape_string to solve the problem, but with the code below, at the beginning of each line and at each line break 'rn' is displayed. Here is my current update script:
[code]<?php
//Update database
$query = "UPDATE Main SET PageHeading = '$pageheading', PageText = '$pagetext' WHERE PageName = '$pagename'";
$query = mysql_real_escape_string($query);
$query = stripslashes($query);
mysql_query($query) or die(mysql_error());
?>[/code]

Can someone please explain why this is happening? Thanks for any help you can give me.
You want to use the mysql_real_escape_string() and stripslashes() functions on each piece of data, not on the whole query:
[code]<?php
//Update database
// Escape each value separately; the quotes that delimit the values stay untouched
$query = "UPDATE Main SET PageHeading = '" . mysql_real_escape_string(stripslashes($pageheading)) .
    "', PageText = '" . mysql_real_escape_string(stripslashes($pagetext)) .
    "' WHERE PageName = '" . mysql_real_escape_string(stripslashes($pagename)) . "'";
mysql_query($query) or die("There was a problem with the query: $query<br>" . mysql_error());
?>[/code]

Ken
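Why the original script prints 'rn', next to a version that binds the values as parameters instead of escaping them, as an added example that is not code from this thread. Assumptions: `emulate_mysql_escape()` is a hypothetical stand-in that reproduces the characters mysql_real_escape_string() escapes (the real function needs a live connection and was removed in PHP 7), the sample text is constructed, and an in-memory SQLite database through PDO stands in for the MySQL table so the script runs offline.

```php
<?php
// Hypothetical stand-in for mysql_real_escape_string(): same escape set, no connection needed.
function emulate_mysql_escape(string $s): string
{
    return strtr($s, [
        "\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'"  => "\\'",  '"'  => '\\"', "\x1a" => "\\Z",
    ]);
}

$pagetext = "Bertie's page\r\nSecond line";   // constructed sample input

// 1) The original approach: escape the finished query, then stripslashes() it.
$query  = "UPDATE Main SET PageText = '$pagetext' WHERE PageName = 'home'";
$broken = stripslashes(emulate_mysql_escape($query));
// The CR and LF bytes were turned into the two-character sequences \r and \n,
// then stripslashes() dropped the backslashes, leaving the letters "rn".
// The apostrophe in the data is unescaped again, so the value is also
// free to terminate the string literal early.
echo $broken, "\n";

// 2) Bound parameters: the data never becomes part of the SQL text.
$db = new PDO('sqlite::memory:');             // assumption: pdo_sqlite is enabled
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Main (PageName TEXT PRIMARY KEY, PageHeading TEXT, PageText TEXT)");
$db->exec("INSERT INTO Main VALUES ('home', '', '')");

$stmt = $db->prepare(
    "UPDATE Main SET PageHeading = :heading, PageText = :text WHERE PageName = :name"
);
$stmt->execute([
    ':heading' => "Bertie's heading",
    ':text'    => $pagetext,
    ':name'    => 'home',
]);

// Read the row back and confirm the apostrophe and the line break survived unchanged.
$stored = $db->query("SELECT PageText FROM Main WHERE PageName = 'home'")->fetchColumn();
echo $stored === $pagetext ? "round-trip intact\n" : "round-trip altered\n";
```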
It's less confusing if you do the strings before adding to the database.

(I mention this a lot, but)
Here is my function I use, and how I use it

[code]
<?php
// Clean a single value before it is placed inside a quoted SQL string
function MakeSafe($str, $make_lower = false){
    if($make_lower){
        $str = strtolower($str);
    }
    $str = stripslashes($str);
    $str = trim($str);
    $str = strip_tags($str);
    $str = mysql_real_escape_string($str);
    return $str;
}


//For strings you WANT in lowercase, usernames etc.
$username = MakeSafe($_POST["username"], 1);

//Strings keeping the CaSe
$name = MakeSafe($_POST["name"]);

//Then the query
//($id is assumed to have been set and validated earlier in the script)
//No spaces inside the quotes, otherwise they are stored as part of the value
$query = "UPDATE members SET username = '".$username."', name = '".$name."' WHERE id = '".$id."'";
$result = mysql_query($query);

//This checks if the query was done
if($result){
    echo "Everything is done";
}else{
    echo "There has been an error<br />\n";
    //Remove this line when finished testing
    echo mysql_error();
}
?>
[/code]

Archived

This topic is now archived and is closed to further replies.
