RyanSF07 Posted April 30, 2007 Share Posted April 30, 2007 Hi All, Apparently adding addslashes() and stripslashes() dirrectly to the code is better than turning on magic quotes in php.ini file. I'm new at this, and learning, but that seems to be what I've gathered so far. So, i'm looking at different turtorials and trying different things without success. This is the bare bones of what I'm working with: $sql = "INSERT INTO $table (user_id, video_id, question) VALUES ('$_SESSION[id]', '$_SESSION[video_id]', addslashes('$question'))"; In one tutorial, the addslashes was included as: "'.addslashes($question).'", , but that didn't work either. What is the correct syntax for adding the "addslashes()" and "stripslashes" commands to INSERT and SELECT queries? Thank you very much for you help Ryan Quote Link to comment Share on other sites More sharing options...
john010117 Posted April 30, 2007 Share Posted April 30, 2007 How are you getting the $question variable? If it's the same as others (by sessions), do this: $question = $_SESSION[question]; $question = addslashes($question); ...and for your query: $sql = "INSERT INTO $table (user_id, video_id, question) VALUES ('$_SESSION[id]', '$_SESSION[video_id]', '$question')"; Quote Link to comment Share on other sites More sharing options...
realjumper Posted April 30, 2007 Share Posted April 30, 2007 I do it like this....may not be perfect but it works well...... $whatever = $_POST['whatever']; $whatever = addslashes($whatever); $news = $_POST['news']; $news = addslashes($news); $query = "INSERT INTO table_name (whatever,news) VALUES ('$whatever','$news')"; mysql_query($query); Quote Link to comment Share on other sites More sharing options...
RyanSF07 Posted April 30, 2007 Author Share Posted April 30, 2007 Thanks Guys, That worked. Great! Ryan Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.