erfg1 Posted March 16, 2007

I made a bug report script so people can report them, and an administrator could read them, and edit them. However, if someone reported something and put a special character like ' when I would go to edit and re-submit, it would say that it's a syntax error. I've fixed this in my previous scripts; however, I lost them, and can't recall how to do it. Basically I want to UPDATE. Basically editing another field, but not their original report containing a ' and wanting to re-submit without editing their report.

    $sql5 = "UPDATE cm_bugreport SET version = '$version', name = '$name_edit', bug = '$bug', status = '$status', comments = '$comments' WHERE id = '$id'";
    $db->sql_query($sql5);

redarrow Posted March 16, 2007

stripslashes();

per1os Posted March 16, 2007

You don't want to use stripslashes, bad habit. Use mysql_real_escape_string($val) on all of your variables before you input them into the $sql. This will prevent SQL injection and escape anything that will cause a mysql_Error.

erfg1 Posted March 16, 2007

Is this right?

    $sql5 = "UPDATE cm_bugreport SET version = '". mysql_real_escape_string($version) .", name = '$name_edit', bug = '$bug', status = '$status', comments = '$comments' WHERE id = '$id'";

Cause I'm still getting errors back.

EDIT: nvm, this is how it should be.

    $sql5 = "UPDATE cm_bugreport SET version = '". mysql_real_escape_string("$version") ."', name = '$name_edit', bug = '$bug', status = '$status', comments = '$comments' WHERE id = '$id'";
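
The advice in this thread applied to every field of the UPDATE rather than only version, as an added example that is not code from any poster: it swaps mysql_real_escape_string (removed in PHP 7) for PDO bound parameters. The in-memory SQLite database standing in for the MySQL server, the helper name update_bug_report and the sample rows are assumptions.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database
// stands in for the MySQL server so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE cm_bugreport (
    id INTEGER PRIMARY KEY, version TEXT, name TEXT,
    bug TEXT, status TEXT, comments TEXT)');

// Hypothetical helper: every value is bound, so none can change the SQL text.
function update_bug_report(PDO $pdo, int $id, array $f): int
{
    $stmt = $pdo->prepare(
        'UPDATE cm_bugreport
            SET version = :version, name = :name, bug = :bug,
                status = :status, comments = :comments
          WHERE id = :id'
    );
    $stmt->execute([
        ':version'  => $f['version'],
        ':name'     => $f['name'],
        ':bug'      => $f['bug'],
        ':status'   => $f['status'],
        ':comments' => $f['comments'],
        ':id'       => $id,
    ]);
    return $stmt->rowCount(); // number of rows the UPDATE touched
}

// Constructed sample rows; report 1 contains an apostrophe.
$insert = $pdo->prepare(
    'INSERT INTO cm_bugreport (id, version, name, bug, status, comments) VALUES (?, ?, ?, ?, ?, ?)'
);
$insert->execute([1, '1.0', 'alice', "Can't save the form", 'open', '']);
$insert->execute([2, '1.0', 'bob', 'Typo on the login page', 'open', '']);

// The administrator changes status and comments and re-submits the bug text
// unedited. The comment holds quotes and SQL-looking text on purpose.
$changed = update_bug_report($pdo, 1, [
    'version'  => '1.0', 'name' => 'alice',
    'bug'      => "Can't save the form",
    'status'   => 'fixed',
    'comments' => "fixed in 1.1', status = 'wontfix",
]);

printf("rows updated: %d\n", $changed);
foreach ($pdo->query('SELECT id, bug, status, comments FROM cm_bugreport') as $row) {
    printf("%d | %s | %s | %s\n", $row['id'], $row['bug'], $row['status'], $row['comments']);
}
```

The apostrophe in the bug text no longer produces a syntax error, and the quoted text in the comment is stored as data instead of being parsed as part of the statement.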