gwood_25 Posted November 3, 2007 Share Posted November 3, 2007 Hello, I have a function that duplicates records in a database then takes the user to an edit form. This function works fine until a record with an apostrophe is encountered and then it breaks. I have tried to implement the mysql_real_escape_string() function but it still gives the same error. Here is my code: // Get the ID of the product to duplicate $ID = $_GET['ID']; $sql = "select products.* from products where ID=$ID"; $result = mysql_query($sql) or die(mysql_error()); $row = mysql_fetch_array($result,MYSQL_ASSOC); // Load the values of the record to duplicate $SubCategoryID = $row['SubCategoryID']; $BrandID = $row['BrandID']; $Name = $row['Name']; $Price = $row['Price']; $Keywords = $row['Keywords']; $Description = $row['Description']; $Image = "noimage.png"; // Create a new record in the database and populate it with the values from the record to be duplicated $sql = sprintf("Insert Into products (SubCategoryID, BrandID, Name, Price, Keywords, Description, Image) Values ('$SubCategoryID', '$BrandID', '$Name', '$Price', '$Keywords', '$Description', '$Image')", mysql_real_escape_string($SubCategoryID), mysql_real_escape_string($BrandID), mysql_real_escape_string($Name), mysql_real_escape_string($Price), mysql_real_escape_string($Keywords), mysql_real_escape_string($Description), mysql_real_escape_string($Image)); mysql_query($sql) or die(mysql_error()); // Get the ID for the newly inserted record $ID = mysql_insert_id(); $link = "edit_product.php?ID=".$ID; // Take the user to the edit screen to edit the details of this product header("Location:".$link); mysql_close($dbh); I'm sure i've done something wrong but unfortunately i'm very new to php and don't know why it's not working Link to comment https://forums.phpfreaks.com/topic/75924-mysql_real_escape_string-not-working/ Share on other sites More sharing options...
darkfreaks Posted November 3, 2007 Share Posted November 3, 2007 take it out of your query and put it like $name= mysql_real_escape_string($name); Link to comment https://forums.phpfreaks.com/topic/75924-mysql_real_escape_string-not-working/#findComment-384326 Share on other sites More sharing options...
PHP_PhREEEk Posted November 3, 2007 Share Posted November 3, 2007 Put the data INTO the database correctly up front, and then it will come back out as expected. See ADDSLASHES and STRIPSLASHES at php.net http://us3.php.net/manual/en/function.addslashes.php http://us3.php.net/manual/en/function.stripslashes.php PhREEEk Link to comment https://forums.phpfreaks.com/topic/75924-mysql_real_escape_string-not-working/#findComment-384402 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.