darkfreaks Posted September 11, 2007

OK, now I get wrong parameter count on line 11:

<?php
$collect_user = mysql_query("SELECT * FROM progress_users WHERE name = '$NAME' AND password = '$PASS'", mysql_real_escape_string($NAME), mysql_real_escape_string($PASS)) or die(mysql_error()); // line 11
?>

trq Posted September 11, 2007

mysql_query only takes two parameters, you're passing it three. Either use...

<?php
// Escape each value before it is interpolated into the query string.
$NAME = mysql_real_escape_string($NAME);
$PASS = mysql_real_escape_string($PASS);
$collect_user = mysql_query("SELECT * FROM progress_users WHERE name = '$NAME' AND password = '$PASS'") or die(mysql_error());
?>

Or...

<?php
// Build the query with sprintf, escaping each value as it is substituted.
$collect_user = mysql_query(sprintf("SELECT * FROM progress_users WHERE name = '%s' AND password = '%s'", mysql_real_escape_string($NAME), mysql_real_escape_string($PASS))) or die(mysql_error());
?>

PS: Using caps for variable names is a bad idea. Constants normally use caps.

darkfreaks Posted September 11, 2007

The first one worked, thanks thorpe. I just needed to add that function to protect against injection attacks.
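
The same login lookup written with bound parameters instead of escaping, as an added example that is not part of the thread (the mysql_* functions used above were removed in PHP 7.0). Assumptions: PHP 7.1+ with the PDO SQLite driver, an in-memory database standing in for the thread's MySQL one, a hypothetical `find_user` helper, and a password column that holds a `password_hash` value rather than the plain text the thread's query compares.

```php
<?php
// Added example: constructed in-memory SQLite database standing in for the thread's MySQL one.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE progress_users (name TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Constructed sample row; the password column stores a hash (assumption, see lead-in).
$insert = $pdo->prepare('INSERT INTO progress_users (name, password) VALUES (:name, :hash)');
$insert->execute([
    ':name' => "o'brien",
    ':hash' => password_hash('correct horse', PASSWORD_DEFAULT),
]);

/**
 * Hypothetical helper: returns the user row on a successful login, null otherwise.
 */
function find_user(PDO $pdo, string $name, string $pass): ?array
{
    // The placeholder keeps the value out of the SQL text, so no escaping call is needed
    // and a quote character in $name cannot change the shape of the statement.
    $stmt = $pdo->prepare('SELECT name, password FROM progress_users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Compare against the stored hash in PHP instead of matching the password in SQL.
    if ($row === false || !password_verify($pass, $row['password'])) {
        return null;
    }
    return ['name' => $row['name']];
}

// Constructed inputs: a valid login, a wrong password, and a name containing quote characters.
var_dump(find_user($pdo, "o'brien", 'correct horse') !== null);
var_dump(find_user($pdo, "o'brien", 'wrong password') !== null);
var_dump(find_user($pdo, "o'brien' --", 'correct horse') !== null);
```

With MySQL, only the DSN passed to `new PDO` changes; the prepared statement and the `password_verify` check stay the same.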