Error

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Error

Post by s.dot »

on all of my form input I use this code:

Code: Select all

$message2 = mysql_real_escape_string(strip_tags($message));
Sometimes it cuts off the message at a ' or a " or maybe some other unknown symbol. How can I prevent this?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

how are you using them in the query string?
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

Code: Select all

$sql = "INSERT INTO messages VALUES($message2) WHERE blah";
with $message2 being mysql_real_escape_string(strip_tags));
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Code: Select all

INSERT INTO `messages` VALUES('$message2')
notice the quotes
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

...

Post by s.dot »

What exactly do the quotes do?
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

i've experienced weird things with mysql_real_escape_string if i didn't pass a connection to the db....

so i advise you use

$db = mysql_connect(.....);
$foo = mysql_real_escape_string($_POST['bar'], $db);
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

...

Post by s.dot »

Well, why would that be necessary if the connections already established? And did it solve your weird problems?
Post Reply