rockonxox Posted December 9, 2013 Share Posted December 9, 2013 I am having issues with apostrophe's when using a form to insert/update/edit information in my database. My original code works unless an apostrophe is used: <?php $con=mysqli_connect("CONNECTIONINFORMATION"); // Check connection if (mysqli_connect_errno()) { echo "Failed to connect to MySQL: " . mysqli_connect_error(); } $result=mysql_query("INSERT INTO $table wf_FirstName1,wf_LastName3) VALUES ('".mysql_real_escape_string($wf_FirstName1)."', '".mysql_real_escape_string($wf_LastName3)."')"; $sql="INSERT INTO nominatedsires (ecuid,sirename,yob,color,breed,owner,approved) VALUES ('$_POST[ecuid]','$_POST[sirename]','$_POST[yob]','$_POST[color]','$_POST[breed]','$_POST[owner]','no')"; if (!mysqli_query($con,$sql)) { die('Error: ' . mysqli_error($con)); } echo "Thank you for your nomination.<br>Please send $1000 nomination fee to Andie so your nomination can be approved.<p><a href='nominateasire.php'>Nominate another stallion</a>"; mysqli_close($con); ?> I have been scouring forums, tutorials, etc but I can not get mysqli_real_escape_string to work so I'm obviously using it wrong. This code below doesn't give me an error (like many other attempts have). It gives me the thank you message but the information that goes into the database is blank. <?php $con=mysqli_connect("CONNECTIONINFORMATION"); // Check connection if (mysqli_connect_errno()) { echo "Failed to connect to MySQL: " . mysqli_connect_error(); } $sql="INSERT INTO nominatedsires (ecuid,sirename,yob,color,breed,owner,approved) VALUES ('".mysqli_real_escape_string($_POST[ecuid])."', '".mysqli_real_escape_string($_POST[sirename])."', '".mysqli_real_escape_string($_POST[yob])."', '".mysqli_real_escape_string($_POST[color])."', '".mysqli_real_escape_string($_POST[breed])."', '".mysqli_real_escape_string($_POST[owner])."', 'no')"; if (!mysqli_query($con,$sql)) { die('Error: ' . mysqli_error($con)); } echo "Thank you for your nomination."; mysqli_close($con); ?> What is the proper way for me to use real escape string to deal with apostrophe's in this form? Quote Link to comment https://forums.phpfreaks.com/topic/284631-real-escape-string-cant-get-it-to-work/ Share on other sites More sharing options...
hitman6003 Posted December 9, 2013 Share Posted December 9, 2013 Provide the connection variable with mysqli_real_escape_string.. mysqli_real_escape_string($con, $_POST['ecuid']) Quote Link to comment https://forums.phpfreaks.com/topic/284631-real-escape-string-cant-get-it-to-work/#findComment-1461701 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.