eMonk Posted May 1, 2011

    $update = "UPDATE model SET name = '$name', age = '$age', height = '" . mysql_real_escape_string($height) . "', hair = '$hair', bust = '$bust', waist = '$waist', hips = '$hips' ......... WHERE id = '$id' ";
    $rsUpdate = mysql_query($update);

After reading the manual at php.net on this function, I should be inserting the mysql_real_escape_string for each variable, correct? Right now I just have it for $height.

The reason I'm asking is because I have 28 columns in this table and want to make sure I'm using this function properly as it seems like a tedious process and messy code.

Link to comment https://forums.phpfreaks.com/topic/235284-mysql_real_escape_string/

PFMaBiSmAd Posted May 1, 2011

When you are processing a SET of related data, you would generally use an array to store that data so that you could apply a common function to all of it at once. Assuming these values are coming from a form, you could also make an array of the form field names and then use that array to iterate over all the fields to apply a common function to them.

What is your actual code leading up to that point and where is this data coming from?

And even though you are using a mysql function in your code, your question is actually a php coding question, so moving this thread to the php coding forum section...

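
The array-of-field-names approach described in the reply above, as an added example that is not part of the thread. It swaps mysql_real_escape_string for PDO bound parameters (the mysql_* extension was removed in PHP 7.0); the MODEL_FIELDS list, the build_update() helper, the sample input and the in-memory SQLite table are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Hypothetical column whitelist,
// taken from the columns visible in the posted query.
const MODEL_FIELDS = ['name', 'age', 'height', 'hair', 'bust', 'waist', 'hips'];

/**
 * Build a parameterized UPDATE from a fixed whitelist of field names.
 * Column names come only from $fields, never from user input; values are
 * trimmed and bound as parameters, so no per-variable escaping is needed.
 */
function build_update(array $fields, array $input, $id): array
{
    $set = [];
    $params = [':id' => $id];
    foreach ($fields as $field) {
        // Skip fields that were not submitted or arrived as arrays (name[]=...).
        if (!isset($input[$field]) || !is_string($input[$field])) {
            continue;
        }
        $set[] = "$field = :$field";
        $params[":$field"] = trim($input[$field]);
    }
    if ($set === []) {
        throw new InvalidArgumentException('no known fields submitted');
    }
    return ['UPDATE model SET ' . implode(', ', $set) . ' WHERE id = :id', $params];
}

// Constructed stand-in for $_POST; 'is_admin' is not whitelisted and is ignored.
$post = ['name' => " O'Hara ", 'age' => '27', 'height' => "5'9\"", 'is_admin' => '1'];

// In-memory SQLite so the example runs offline; a MySQL DSN would be used in practice.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE model (id INTEGER PRIMARY KEY, name TEXT, age TEXT,
            height TEXT, hair TEXT, bust TEXT, waist TEXT, hips TEXT)');
$pdo->exec("INSERT INTO model (id, name) VALUES (1, 'placeholder')");

[$sql, $params] = build_update(MODEL_FIELDS, $post, 1);
$pdo->prepare($sql)->execute($params);

echo $sql, PHP_EOL;
print_r($pdo->query('SELECT name, age, height FROM model WHERE id = 1')
            ->fetch(PDO::FETCH_ASSOC));
```

Values containing quotes are stored unchanged because they never become part of the SQL text, and adding another column means adding one entry to the whitelist.
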
eMonk Posted May 1, 2011

I'm playing around with the short variable names now but it doesn't appear to be working ($height returns as NULL).

    $name = trim($_POST['name']);
    $age = trim($_POST['age']);
    $height = mysql_real_escape_string(trim($_POST['height']));
    $hair = trim($_POST['hair']);
    $bust = trim($_POST['bust']);
    $waist = trim($_POST['waist']);
    $hips = trim($_POST['hips']);

    $query = "INSERT INTO model VALUES ('', '$name', $age, height = '$height', '$hair', '$bust', '$waist', '$hips', .........)";
    $results = mysql_query($query);

eMonk Posted May 1, 2011

Oops.. I see a problem in the query... height = '$height'... 1 min...

eMonk Posted May 1, 2011

It's working now... Adding mysql_real_escape_string in the short variable names is cleaner IMO which makes it easier to read.

I'm not sure what you mean by using an array for the form field names but I'll read this chapter again in my book tonight.

Thanks again PFMaBiSmAd!