Jump to content

Real Escape String - can't get it to work


rockonxox
 Share

Recommended Posts

I am having issues with apostrophe's when using a form to insert/update/edit information in my database. My original code works unless an apostrophe is used:

<?php
$con=mysqli_connect("CONNECTIONINFORMATION");
// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }

$result=mysql_query("INSERT INTO $table wf_FirstName1,wf_LastName3) VALUES ('".mysql_real_escape_string($wf_FirstName1)."', '".mysql_real_escape_string($wf_LastName3)."')";

$sql="INSERT INTO nominatedsires (ecuid,sirename,yob,color,breed,owner,approved)
VALUES ('$_POST[ecuid]','$_POST[sirename]','$_POST[yob]','$_POST[color]','$_POST[breed]','$_POST[owner]','no')";

if (!mysqli_query($con,$sql))
  {
  die('Error: ' . mysqli_error($con));
  }
echo "Thank you for your nomination.<br>Please send $1000 nomination fee to Andie so your nomination can be approved.<p><a href='nominateasire.php'>Nominate another stallion</a>";

mysqli_close($con);
?>

I have been scouring forums, tutorials, etc but I can not get mysqli_real_escape_string to work so I'm obviously using it wrong. This code below doesn't give me an error (like many other attempts have). It gives me the thank you message but the information that goes into the database is blank.

<?php
$con=mysqli_connect("CONNECTIONINFORMATION");
// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }

$sql="INSERT INTO nominatedsires (ecuid,sirename,yob,color,breed,owner,approved)
VALUES ('".mysqli_real_escape_string($_POST[ecuid])."', '".mysqli_real_escape_string($_POST[sirename])."', '".mysqli_real_escape_string($_POST[yob])."', '".mysqli_real_escape_string($_POST[color])."', '".mysqli_real_escape_string($_POST[breed])."', '".mysqli_real_escape_string($_POST[owner])."', 'no')";

if (!mysqli_query($con,$sql))
  {
  die('Error: ' . mysqli_error($con));
  }
echo "Thank you for your nomination.";

mysqli_close($con);
?>

What is the proper way for me to use real escape string to deal with apostrophe's in this form?

 

Link to comment
Share on other sites

This thread is more than a year old.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.