Syntax for mysql_real_escape_string
Posted: Thu Oct 13, 2011 4:27 pm
I am having an issue with the proper syntax on writing the mysql_real_escape_string into code to put data in the db. I have searched all over looking at things, and since I have enough PHP knowledge to get myself in trouble, I just can't figure out how to write it in. The problem I get is the error of: "Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'd" without the double quotation marks. Below is my code. I guess what I need to know is where and how to add the mysql_real_escape_string into my code. The PHP manual and the examples online just aren't making sense to me and I need this completed for the site I am building soon. Thank you in advance.
do_addrequest.php:

<?php
$con = mysql_connect("", "", "");
if (!$con)
{
    die('Could not connect: ' . mysql_error());
}
mysql_select_db("", $con);
$request_owner = mysql_real_escape_string($_POST['request_owner']);
$post_text = mysql_real_escape_string($_POST['post_text']);
$sql="INSERT INTO prayer_requests (request_owner, post_text)
VALUES
('$_POST[request_owner]','$_POST[post_text]')";
if (!mysql_query($sql,$con))
{
    die('Error: ' . mysql_error());
}
mysql_close($con)
?>

blog.php:

<?php
$conn = mysql_connect("", "", "") or die(mysql_error());
mysql_select_db("", $conn) or die(mysql_error());
$get_posts="select post_text, request_owner from prayer_requests";
$get_posts_res = mysql_query($get_posts, $conn) or die(mysql_error());
// Start the output buffer with "=" so it is defined before the ".=" appends below.
$display_block ="
<div id=prayerowner>
Name
</div>
<div id=prayertext>
Prayer Request
</div>
";
while($posts_info = mysql_fetch_array($get_posts_res)) {
    // HTML-encode stored values so visitor-supplied markup is shown as text, not rendered.
    $post_owner = htmlspecialchars(stripslashes($posts_info['request_owner']), ENT_QUOTES, 'UTF-8');
    $post_text = htmlspecialchars(stripslashes($posts_info['post_text']), ENT_QUOTES, 'UTF-8');
    $display_block .="
<table width=499 height=70 cellspacing=10>
<tr>
<th width=136 valign=top>$post_owner</th>
<th width=351 valign=top align=left>$post_text</th>
</tr>
";
    $display_block .="</table>";
}
?>
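
Added example, not part of the original post: in do_addrequest.php the escaped copies $request_owner and $post_text are created, but the INSERT still interpolates the raw $_POST values, so an apostrophe in the input ends the quoted string early and triggers the syntax error. The script below reproduces that failure and then does the same insert with bound parameters. It assumes PDO with an in-memory SQLite database and constructed sample input in place of the MySQL server and the form POST, so it runs offline.

```php
<?php
// Added example. Constructed input and an in-memory SQLite database stand in
// for the form POST and the MySQL server (assumptions, not the poster's setup).
$input = [
    'request_owner' => "O'Brien",
    'post_text'     => "Please pray for my dad; he'd like to be home soon.",
];

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE prayer_requests (request_owner TEXT, post_text TEXT)');

// 1) The pattern from the post: raw values interpolated into the SQL text.
//    The apostrophe in "O'Brien" closes the string literal early.
$raw = "INSERT INTO prayer_requests (request_owner, post_text)
        VALUES ('{$input['request_owner']}','{$input['post_text']}')";
try {
    $db->exec($raw);
    echo "raw query unexpectedly succeeded\n";
} catch (PDOException $e) {
    echo "raw query failed: ", $e->getMessage(), "\n";
}

// 2) Bound parameters: the SQL text is fixed and the values travel separately,
//    so quotes in the data cannot change the statement.
$stmt = $db->prepare(
    'INSERT INTO prayer_requests (request_owner, post_text) VALUES (:owner, :text)'
);
$stmt->execute([
    ':owner' => $input['request_owner'],
    ':text'  => $input['post_text'],
]);

// 3) Read back and HTML-encode on output, as a display page should.
foreach ($db->query('SELECT request_owner, post_text FROM prayer_requests') as $row) {
    printf(
        "%s: %s\n",
        htmlspecialchars($row['request_owner'], ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($row['post_text'], ENT_QUOTES, 'UTF-8')
    );
}
```

With the mysql_* API used in the post, the equivalent change is to put $request_owner and $post_text in the VALUES list instead of $_POST[...]. That extension was removed in PHP 7.0, which is why the example uses PDO.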