Error
Posted: Sun Feb 13, 2005 11:40 pm
by s.dot
On all of my form input I use this code:
Code:
$message2 = mysql_real_escape_string(strip_tags($message));
Sometimes it cuts off the message at a ' or a " or maybe some other unknown symbol. How can I prevent this?
Posted: Sun Feb 13, 2005 11:51 pm
by feyd
How are you using them in the query string?
Posted: Sun Feb 13, 2005 11:53 pm
by s.dot
Code:
$sql = "INSERT INTO messages VALUES($message2) WHERE blah";
with $message2 being mysql_real_escape_string(strip_tags));
Posted: Sun Feb 13, 2005 11:59 pm
by feyd
Code:
INSERT INTO `messages` VALUES('$message2')
Notice the quotes
...
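What the quotes in the reply above change, as an added example that is not part of the original thread. It assumes PHP with the SQLite3 extension: an in-memory SQLite database stands in for MySQL so it runs offline, `SQLite3::escapeString()` stands in for `mysql_real_escape_string()`, and the sample message is constructed.

```php
<?php
// Added example: SQLite in memory stands in for MySQL so this runs offline.
// SQLite3::escapeString() plays the role of mysql_real_escape_string():
// it escapes quote characters but does not add the surrounding quotes.
// Note: SQLite escapes ' by doubling it ('') where MySQL would use a backslash.

$db = new SQLite3(':memory:');
$db->enableExceptions(true);
$db->exec('CREATE TABLE messages (body TEXT)');

$message  = "It's a \"quoted\" message";          // constructed sample input
$message2 = SQLite3::escapeString(strip_tags($message));

// 1. The query from the thread: escaped value, but no quotes around it.
//    The parser sees bare words, not a string, so the statement is rejected.
try {
    $db->exec("INSERT INTO messages VALUES($message2)");
    echo "unquoted: inserted\n";
} catch (Exception $e) {
    echo "unquoted: rejected ({$e->getMessage()})\n";
}

// 2. The quoted form: the quotes make the value a string literal. Escaping
//    only guarantees the value cannot close a literal it is already inside.
$db->exec("INSERT INTO messages VALUES('$message2')");

// 3. Bound parameter: the value never becomes part of the SQL text,
//    so neither escaping nor quoting is needed.
$stmt = $db->prepare('INSERT INTO messages VALUES (:body)');
$stmt->bindValue(':body', strip_tags($message), SQLITE3_TEXT);
$stmt->execute();

// Both stored rows hold the complete, untruncated message.
$result = $db->query('SELECT body FROM messages');
while ($row = $result->fetchArray(SQLITE3_ASSOC)) {
    echo ($row['body'] === $message ? 'intact:  ' : 'damaged: '), $row['body'], "\n";
}
```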
Posted: Mon Feb 14, 2005 7:06 pm
by s.dot
What exactly do the quotes do?
Posted: Mon Feb 14, 2005 7:18 pm
by timvw
I've experienced weird things with mysql_real_escape_string if I didn't pass a connection to the db....
So I advise you use
$db = mysql_connect(.....);
$foo = mysql_real_escape_string($_POST['bar'], $db);
...
Posted: Mon Feb 14, 2005 7:28 pm
by s.dot
Well, why would that be necessary if the connection's already established? And did it solve your weird problems?