Jump to content

mysql_real_escape_string() not working

gwood_25

By gwood_25
in PHP Coding Help

 Share

Recommended Posts

gwood_25 Newbie

gwood_25

Posted
Posted

Hello,

 

I have a function that duplicates records in a database then takes the user to an edit form. This function works fine until a record with an apostrophe is encountered and then it breaks. I have tried to implement the mysql_real_escape_string() function but it still gives the same error.

 

Here is my code:

 

 

// Get the ID of the product to duplicate

$ID = $_GET['ID'];

 

$sql = "select products.* from products where ID=$ID";

$result = mysql_query($sql)

or die(mysql_error());

$row = mysql_fetch_array($result,MYSQL_ASSOC);

 

// Load the values of the record to duplicate

$SubCategoryID = $row['SubCategoryID'];

$BrandID = $row['BrandID'];

$Name = $row['Name'];

$Price = $row['Price'];

$Keywords = $row['Keywords'];

$Description = $row['Description'];

$Image = "noimage.png";

 

// Create a new record in the database and populate it with the values from the record to be duplicated

$sql = sprintf("Insert Into products (SubCategoryID, BrandID, Name, Price, Keywords, Description, Image) Values ('$SubCategoryID', '$BrandID', '$Name', '$Price', '$Keywords', '$Description', '$Image')",

mysql_real_escape_string($SubCategoryID),

            mysql_real_escape_string($BrandID),

mysql_real_escape_string($Name),

mysql_real_escape_string($Price),

mysql_real_escape_string($Keywords),

            mysql_real_escape_string($Description),

mysql_real_escape_string($Image));

 

mysql_query($sql)

or die(mysql_error());

 

// Get the ID for the newly inserted record

$ID = mysql_insert_id();

$link = "edit_product.php?ID=".$ID;

 

// Take the user to the edit screen to edit the details of this product

header("Location:".$link);

 

mysql_close($dbh);

 

 

I'm sure i've done something wrong but unfortunately i'm very new to php and don't know why it's not working

Link to comment
https://forums.phpfreaks.com/topic/75924-mysql_real_escape_string-not-working/
Share on other sites
PHP_PhREEEk Newbie

PHP_PhREEEk

Posted
Posted

Put the data INTO the database correctly up front, and then it will come back out as expected.

 

See ADDSLASHES and STRIPSLASHES at php.net

 

http://us3.php.net/manual/en/function.addslashes.php

 

http://us3.php.net/manual/en/function.stripslashes.php

 

PhREEEk

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.