garydt Posted June 29, 2007 Share Posted June 29, 2007 Is there anyway to way to use mysql_real_escape_string when updating a record? i've tried- $updateSQL = sprintf("UPDATE images SET imageName='$smallimage', bigimagename='$smallpics', bigcaption='" . mysql_real_escape_string(%s) . "' WHERE usnm='$user'", GetSQLValueString($_POST['textfield'], "text")); and i get- Parse error: parse error, unexpected '%', expecting ')' in C:\Program Files\xampp\htdocs\epeople\editphoto.php on line 173 Also I want to check if people try and type in url's into the guestbook. How do i do that? Is it with the 'ereg' command? Thanks alot Quote Link to comment Share on other sites More sharing options...
garydt Posted June 29, 2007 Author Share Posted June 29, 2007 Can anyone help? Quote Link to comment Share on other sites More sharing options...
cluce Posted June 29, 2007 Share Posted June 29, 2007 Is there anyway to way to use mysql_real_escape_string when updating a record? you can do something like this... $failed = mysqli_real_escape_string($mysqli,trim($_POST['failed_logins'])); //update failed logins $sql = "UPDATE employees SET failed_logins = '".$failed."' WHERE username = '".$_SESSION['user']."' LIMIT 1"; mysqli_query($mysqli, $sql); Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.