Error

Posted: Sun Feb 13, 2005 11:40 pm
by s.dot
On all of my form input I use this code:

Code:

$message2 = mysql_real_escape_string(strip_tags($message));
Sometimes it cuts off the message at a ' or a " or maybe some other unknown symbol. How can I prevent this?

Posted: Sun Feb 13, 2005 11:51 pm
by feyd
How are you using them in the query string?

Posted: Sun Feb 13, 2005 11:53 pm
by s.dot

Code:

$sql = "INSERT INTO messages VALUES($message2) WHERE blah";
with $message2 being mysql_real_escape_string(strip_tags));

Posted: Sun Feb 13, 2005 11:59 pm
by feyd

Code:

INSERT INTO `messages` VALUES('$message2')
Notice the quotes.
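
What the quotes in the statement above do, as an added example that is not part of the original thread: the escaping only has meaning inside a quoted string literal. `escape_like_mysql()` is a stand-in for `mysql_real_escape_string()` so the script runs without a database connection, and `read_literal()` and the sample message are hypothetical and constructed for illustration.

```php
<?php
// Stand-in for mysql_real_escape_string() so the script runs without a
// database connection (assumption: single-byte charset, MySQL's escapes).
function escape_like_mysql(string $s): string {
    return strtr($s, [
        "\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'" => "\\'", '"' => '\\"', "\x1a" => "\\Z",
    ]);
}

// Hypothetical helper: read the value inside VALUES(...) the way a SQL parser
// reads a single-quoted string literal (backslash escapes only). Returns null
// when the value is not a complete literal, i.e. it is parsed as SQL syntax.
function read_literal(string $sql): ?string {
    $i = strpos($sql, 'VALUES(');
    if ($i === false) return null;
    $i += strlen('VALUES(');
    if (($sql[$i] ?? '') !== "'") return null;   // no opening quote
    $map = ['0' => "\0", 'n' => "\n", 'r' => "\r", 'Z' => "\x1a"];
    $out = '';
    for ($i++; $i < strlen($sql); $i++) {
        $c = $sql[$i];
        if ($c === '\\' && $i + 1 < strlen($sql)) {
            $n = $sql[++$i];                     // escaped character: data
            $out .= $map[$n] ?? $n;
        } elseif ($c === "'") {
            return $out;                         // unescaped quote ends the literal
        } else {
            $out .= $c;
        }
    }
    return null;                                 // literal never closed
}

$message = 'It\'s a "test" message';             // constructed sample input
$escaped = escape_like_mysql($message);

// Escaped but unquoted: the value is not a string literal at all.
var_dump(read_literal("INSERT INTO messages VALUES($escaped)"));
// Quoted and escaped: the literal decodes back to the original message.
var_dump(read_literal("INSERT INTO `messages` VALUES('$escaped')") === $message);
// Quoted but not escaped: the literal ends at the apostrophe in the data.
var_dump(read_literal("INSERT INTO `messages` VALUES('$message')"));
```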

...

Posted: Mon Feb 14, 2005 7:06 pm
by s.dot
What exactly do the quotes do?

Posted: Mon Feb 14, 2005 7:18 pm
by timvw
I've experienced weird things with mysql_real_escape_string if I didn't pass a connection to the db....

So I advise you use

$db = mysql_connect(.....);
$foo = mysql_real_escape_string($_POST['bar'], $db);

...

Posted: Mon Feb 14, 2005 7:28 pm
by s.dot
Well, why would that be necessary if the connection's already established? And did it solve your weird problems?