radagast Posted October 22, 2014

Hello I am still fairly new to the PDO / mysqli thing and I would really appreciate some help with escaping special characters from the below code.

    $sth = ("SELECT * from table WHERE field1 = '$bob' and field2 != ''");
    foreach ($dbh->query($sth) as $row) {
        $who = $row['field2'];
        $why = $row['field1'];
        $dbh1->query("UPDATE table SET who = '$who', date = '$row[DATE]', time = '$row[TIME]' WHERE field1 = '$why'")or die(mysqli_error($db));
    }

I have tried using the prepared statement as well as the mysqli_real_escape_string but sees the code results as an object. Any help or comments would be greatly appreciated.

Ch0cu3r Posted October 22, 2014

What API are you using? PDO or MySQLi? You can only use one or the other; you can't use them both together.

If you are inserting data into the database you should be using prepared statements. The PHP documentation has clear documentation for how to use prepared statements for both APIs:

PDO Prepared Statements
MySQLi Prepared Statements

radagast Posted October 24, 2014

Hello, I am using PDO. I will go over the PDO Prepared Statements again to see where I have gone wrong.
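
Added example, not code from the thread: the SELECT/UPDATE loop from the first post written with PDO prepared statements, so values containing quotes are bound as data instead of being interpolated into the SQL string. The in-memory SQLite database (needs the pdo_sqlite extension), the table names `source_rows` and `target_rows`, the function name `copyWho` and the sample rows are assumptions constructed for the demo.

```php
<?php
// Added example. Assumptions: SQLite in memory stands in for the poster's
// MySQL database; table names, copyWho() and all rows are constructed.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // throw instead of "or die()"
// With the MySQL driver, also bind server-side rather than emulating:
// $dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

$dbh->exec("CREATE TABLE source_rows (field1 TEXT, field2 TEXT, DATE TEXT, TIME TEXT)");
$dbh->exec("CREATE TABLE target_rows (field1 TEXT, who TEXT, date TEXT, time TEXT)");

// Constructed sample data, including a value with a single quote.
$seed = $dbh->prepare("INSERT INTO source_rows (field1, field2, DATE, TIME) VALUES (?, ?, ?, ?)");
$seed->execute(["bob's row", "O'Brien", '2014-10-22', '09:30']);
$seed->execute(["bob's row", '', '2014-10-22', '10:00']); // filtered out: empty field2
$dbh->prepare("INSERT INTO target_rows (field1) VALUES (?)")->execute(["bob's row"]);

function copyWho(PDO $dbh, string $bob): int
{
    // prepare() returns a PDOStatement object, not rows: the SQL text is fixed
    // here and only the placeholders vary. Rows come from execute() + fetch.
    $select = $dbh->prepare(
        "SELECT field1, field2, DATE, TIME FROM source_rows
         WHERE field1 = :bob AND field2 != ''"
    );
    $update = $dbh->prepare(
        "UPDATE target_rows SET who = :who, date = :date, time = :time
         WHERE field1 = :why"
    );

    $select->execute([':bob' => $bob]);
    $changed = 0;
    // fetchAll() drains the result set before the UPDATE statements run.
    foreach ($select->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $update->execute([
            ':who'  => $row['field2'],
            ':date' => $row['DATE'],
            ':time' => $row['TIME'],
            ':why'  => $row['field1'],
        ]);
        $changed += $update->rowCount();
    }
    return $changed;
}

echo copyWho($dbh, "bob's row"), " row(s) updated\n";
print_r($dbh->query("SELECT * FROM target_rows")->fetchAll(PDO::FETCH_ASSOC));
```

No call to an escaping function is needed anywhere: the driver keeps the bound values separate from the statement text.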