Syntax for mysql_real_escape_string

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
sdruch
Forum Newbie
Posts: 3
Joined: Tue Oct 11, 2011 8:44 pm

Syntax for mysql_real_escape_string

Post by sdruch »

I am having an issue with the proper syntax on writing the mysql_real_escape_string into code to put data in the db. I have searched all over looking at things, and since I have enough php knowledge to myself in trouble, I just can't figure out how to write it in. The problem I get is the error of: "Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'd" without the double quotation marks. Below is my code. I guess what I need to know is where and how to add the mysql_real_escape_string into my code. The php manual and the examples online just aren't making sense to me and I need this completed for the site I am building soon. Thank you in advance.

do_addrequest.php

Code: Select all

<?php
$con = mysql_connect("", "", "");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
mysql_select_db("", $con);
$request_owner = mysql_real_escape_string($_POST['request_owner']);
$post_text = mysql_real_escape_string($_POST['post_text']);
$sql="INSERT INTO prayer_requests (request_owner, post_text)
VALUES
('$_POST[request_owner]','$_POST[post_text]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }

mysql_close($con)
?> 
blog.php

Code: Select all

<?php
$conn = mysql_connect("", "", "") or die(mysql_error());
mysql_select_db("", $conn) or die(mysql_error());

$get_posts="select post_text, request_owner from prayer_requests";
$get_posts_res = mysql_query($get_posts, $conn) or die(mysql_error());


$display_block .="

<div id=prayerowner>
Name
</div>
<div id=prayertext>
Prayer Request
</div>

";

while($posts_info = mysql_fetch_array($get_posts_res)) {
	$post_owner = stripslashes($posts_info['request_owner']);
	$post_text = stripslashes($posts_info['post_text']);
		
	
$display_block .="
<table width=499 height=70 cellspacing=10>
<tr>
<th width=136 valign=top>$post_owner</th>
<th width=351 valign=top align=left>$post_text</th>
</tr>

";

$display_block .="</table>";
}

?>
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: Syntax for mysql_real_escape_string

Post by social_experiment »

Since you have wrapped the $_POST values in the mysql_real_escape_string() function you can use the variables directly like the example below

Code: Select all

<?php
$sql = "INSERT INTO prayer_requests (request_owner, post_text) VALUES ('$request_owner', '$post_text')";
?>
To see what the query looks like when the error occurs, you can echo it to the browser

Code: Select all

<?php
if (!mysql_query($sql,$con))
  {
    echo mysql_query($sql);
  }

?>
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
sdruch
Forum Newbie
Posts: 3
Joined: Tue Oct 11, 2011 8:44 pm

Re: Syntax for mysql_real_escape_string

Post by sdruch »

Since you have wrapped the $_POST values in the mysql_real_escape_string() function you can use the variables directly like the example below
Syntax: [ Download ] [ Hide ]
<?php
$sql = "INSERT INTO prayer_requests (request_owner, post_text) VALUES ('$request_owner', '$post_text')";
?>

To see what the query looks like when the error occurs, you can echo it to the browser
Syntax: [ Download ] [ Hide ] [ Select ]
<?php
if (!mysql_query($sql,$con))
{
echo mysql_query($sql);
}

?>

Ok, I took the $_POST out of the INSERT function and now I am getting just request_owner and post_text in the db as the data. I ran the error script you wrote and it caused an error stating: Warning: mysql_query(): 2 is not a valid MySQL-Link resource in C:\xampp\htdocs\do_addrequest.php on line 54.

Any help is greatly appreciated. Thanks again ahead of time.
sdruch
Forum Newbie
Posts: 3
Joined: Tue Oct 11, 2011 8:44 pm

Re: Syntax for mysql_real_escape_string

Post by sdruch »

Ok, I came back and reread your post social_experiment and realized you were right and I wrote my code wrong. Thank you so much for the help.
Post Reply