[SOLVED] whats the correct syntax for adding an "addslashes()" to sql INSERT

[RyanSF07]

Hi All,

 

Apparently adding addslashes() and stripslashes() dirrectly to the code is better than turning on magic quotes in php.ini file. I'm new at this, and learning, but that seems to be what I've gathered so far.

 

So, i'm looking at different turtorials and trying different things without success.

 

This is the bare bones of what I'm working with:

 

$sql = "INSERT INTO $table (user_id, video_id, question) VALUES ('$_SESSION[id]', '$_SESSION[video_id]', addslashes('$question'))";

 

In one tutorial, the addslashes was included as:

"'.addslashes($question).'",

, but that didn't work either.

 

What is the correct syntax for adding the "addslashes()" and "stripslashes" commands to INSERT and SELECT queries?

 

Thank you very much for you help

Ryan

[john010117]

How are you getting the $question variable? If it's the same as others (by sessions), do this:

$question = $_SESSION[question];
$question = addslashes($question);

 

...and for your query:

$sql = "INSERT INTO $table (user_id, video_id, question) VALUES ('$_SESSION[id]', '$_SESSION[video_id]', '$question')";

[realjumper]

I do it like this....may not be perfect but it works well......

 

$whatever = $_POST['whatever'];
$whatever = addslashes($whatever);

$news = $_POST['news'];
$news = addslashes($news);



$query = "INSERT INTO table_name (whatever,news) VALUES ('$whatever','$news')";
mysql_query($query);

[RyanSF07]

Thanks Guys,

 

That worked. Great!

 

Ryan