mysql_real_escape_string() issue
Posted: Wed Oct 04, 2006 6:12 pm
I seem to be having an issue with mysql_real_escape_string(). When I use the following code to update my database, it seems to add an extra \ every time. Should I be running data through an extra function?
Code:
Code:
Code: Select all
$ProductID = mysql_real_escape_string($_POST['ProductID']);
$Name = mysql_real_escape_string($_POST['Name']);
$Price = mysql_real_escape_string($_POST['Price']);
$Sold = mysql_real_escape_string($_POST['Sold']);
$ArtistID = mysql_real_escape_string($_POST['ArtistID']);
$CategoryID = mysql_real_escape_string($_POST['CategoryID']);
$Desc = mysql_real_escape_string($_POST['Desc']);
$Bodice = mysql_real_escape_string($_POST['Bodice']);
$Spin = mysql_real_escape_string($_POST['Spin']);
$Length = mysql_real_escape_string($_POST['Length']);
$Waist = mysql_real_escape_string($_POST['Waist']);
$Inseam = mysql_real_escape_string($_POST['Inseam']);
$Chest = mysql_real_escape_string($_POST['Chest']);
if ($type == 'edit'){
$query = "UPDATE CLOTHING SET `Name` = '".$Name."', `ArtistID` = '".$ArtistID."', `CategoryID` = '".$CategoryID."',`Desc` = '".$Desc."', `Bodice` = '".$Bodice."',`Spin` = '".$Spin."', `Length` = '".$Length."', `Waist` = '".$Waist."', `Inseam` = '".$Inseam."', `Chest` = '".$Chest."', `Sold` = '".$Sold."', `Price` = '".$Price."' WHERE `ProductID` = '" . $ProductID . "'";
mysql_query($query) or die('Query failed: ' . mysql_error() . " Whole Query: " . $query);
echo "<center><br />".$Name." has been updated!";
echo "<a href=index.php?mode=clothing>Back</a></center>\n";
}
}