garydt Posted June 29, 2007 Share Posted June 29, 2007 Is there anyway to way to use mysql_real_escape_string when updating a record? i've tried- $updateSQL = sprintf("UPDATE images SET imageName='$smallimage', bigimagename='$smallpics', bigcaption='" . mysql_real_escape_string(%s) . "' WHERE usnm='$user'", GetSQLValueString($_POST['textfield'], "text")); and i get- Parse error: parse error, unexpected '%', expecting ')' in C:\Program Files\xampp\htdocs\epeople\editphoto.php on line 173 Also I want to check if people try and type in url's into the guestbook. How do i do that? Is it with the 'ereg' command? Thanks alot Link to comment https://forums.phpfreaks.com/topic/57697-mysql_real_escape_string-and-update/ Share on other sites More sharing options...
garydt Posted June 29, 2007 Author Share Posted June 29, 2007 Can anyone help? Link to comment https://forums.phpfreaks.com/topic/57697-mysql_real_escape_string-and-update/#findComment-285796 Share on other sites More sharing options...
cluce Posted June 29, 2007 Share Posted June 29, 2007 Is there anyway to way to use mysql_real_escape_string when updating a record? you can do something like this... $failed = mysqli_real_escape_string($mysqli,trim($_POST['failed_logins'])); //update failed logins $sql = "UPDATE employees SET failed_logins = '".$failed."' WHERE username = '".$_SESSION['user']."' LIMIT 1"; mysqli_query($mysqli, $sql); Link to comment https://forums.phpfreaks.com/topic/57697-mysql_real_escape_string-and-update/#findComment-286211 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.