Jump to content

mysql_real_escape_string() not working


gwood_25

Recommended Posts

Hello,

 

I have a function that duplicates records in a database then takes the user to an edit form. This function works fine until a record with an apostrophe is encountered and then it breaks. I have tried to implement the mysql_real_escape_string() function but it still gives the same error.

 

Here is my code:

 

 

// Get the ID of the product to duplicate

$ID = $_GET['ID'];

 

$sql = "select products.* from products where ID=$ID";

$result = mysql_query($sql)

or die(mysql_error());

$row = mysql_fetch_array($result,MYSQL_ASSOC);

 

// Load the values of the record to duplicate

$SubCategoryID = $row['SubCategoryID'];

$BrandID = $row['BrandID'];

$Name = $row['Name'];

$Price = $row['Price'];

$Keywords = $row['Keywords'];

$Description = $row['Description'];

$Image = "noimage.png";

 

// Create a new record in the database and populate it with the values from the record to be duplicated

$sql = sprintf("Insert Into products (SubCategoryID, BrandID, Name, Price, Keywords, Description, Image) Values ('$SubCategoryID', '$BrandID', '$Name', '$Price', '$Keywords', '$Description', '$Image')",

mysql_real_escape_string($SubCategoryID),

            mysql_real_escape_string($BrandID),

mysql_real_escape_string($Name),

mysql_real_escape_string($Price),

mysql_real_escape_string($Keywords),

            mysql_real_escape_string($Description),

mysql_real_escape_string($Image));

 

mysql_query($sql)

or die(mysql_error());

 

// Get the ID for the newly inserted record

$ID = mysql_insert_id();

$link = "edit_product.php?ID=".$ID;

 

// Take the user to the edit screen to edit the details of this product

header("Location:".$link);

 

mysql_close($dbh);

 

 

I'm sure i've done something wrong but unfortunately i'm very new to php and don't know why it's not working

Link to comment
https://forums.phpfreaks.com/topic/75924-mysql_real_escape_string-not-working/
Share on other sites

Put the data INTO the database correctly up front, and then it will come back out as expected.

 

See ADDSLASHES and STRIPSLASHES at php.net

 

http://us3.php.net/manual/en/function.addslashes.php

 

http://us3.php.net/manual/en/function.stripslashes.php

 

PhREEEk

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.