Jump to content

Archived

This topic is now archived and is closed to further replies.

cuprasteve

Problem with Insert string

Recommended Posts

Ok this is probably a very easy fix for this, but I cant find it and iv tried loads of different combinations of things.

The problem is with this insert line

[code]VALUES (".$board_config['delete_post_forum'].", '".sprintf($lang['Deleted_post_from_topic'], $topic_test)."', ".$post_data['poster_id'].", ".time().", 0, 0, ".TOPIC_UNLOCKED.", 0, ".POST_NORMAL.", $post_id, $post_id, 0, '$userna')";[/code]

$topic_test contains a post title for instance "Hi im new" which works fine, but if that title contains a ' for instance "You're day today" then it messes up the string and i get an error when it tries to insert in the database, any ideas?

im assuming i have to encapsulate $topic_test in some form of quote combination?

Share this post


Link to post
Share on other sites
surround the sprintf() with addslashes () or much better mysql_real_escape_string ()

Note any string / char / text / type column should always be escaped, with at least addslashes (), but mysql_real_escape_string (), should be used in a db insert / select / delete, any db query!

me!

Share this post


Link to post
Share on other sites
hi, thanks muchly for the help, when you say addslashes whats the usage of that? can you show me an example using my line of code that i posted

thanks in advance

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.