hi again php help:)

Posted: Sat Feb 01, 2003 6:36 am
by forgun
mm, I changed it and it gives errors

Code:

<?php
$qur = "INSERT INTO News ( title, body, date, time, byhow) VALUES (";
$qur .= "'" . $_POST["title"] . "' , '" . $_POST["body"] . "', CURDATE(), CURTIME(), '" . $_POST["how"] . "')";
$qur = mysql_escape_string($qur);
mysql_query($qur) or die (mysql_error());

?>

Posted: Sat Feb 01, 2003 6:45 am
by mydimension
what error are you getting?

Posted: Sat Feb 01, 2003 7:18 am
by forgun

Code:

You have an error in your SQL syntax near '''hgh'' , ''ff'', CURDATE(), CURTIME(), ''forgun'')' at line 1

Posted: Sat Feb 01, 2003 11:44 am
by twigletmac
You're using mysql_escape_string() on your SQL query so it's escaping the single quotes around the variables and thus the whole thing is not working - you have to only apply this function to the $_POST variables. You could do something like:

Code:

<?php 
$qur = "INSERT INTO News ( title, body, date, time, byhow) VALUES ("; 
$qur .= "'" .mysql_escape_string($_POST['title']). "' , '" .mysql_escape_string($_POST['body']). "', CURDATE(), CURTIME(), '" .mysql_escape_string($_POST['how']). "')"; 
mysql_query($qur) or die (mysql_error()); 

?>
Mac
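
The same INSERT written with bound placeholders, as an added example that is not part of the thread: it first shows what escaping the finished query string does to the quote delimiters, then inserts values containing quotes through a prepared statement. It assumes PDO with the pdo_sqlite extension (an in-memory database so it runs offline); `escapeWholeQuery` and `insertNews` are hypothetical helper names, `addslashes()` stands in for the escaping function, and the `id` column is added for the read-back.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension;
// with MySQL only the DSN passed to PDO changes.

// Stand-in for the thread's mistake: escape the finished SQL string.
// addslashes() is used here only to make the effect visible offline.
function escapeWholeQuery(string $title): string
{
    $sql = "INSERT INTO News (title) VALUES ('" . $title . "')";
    return addslashes($sql); // the quote delimiters get escaped too
}

// Placeholder version of the thread's INSERT: values are bound, never spliced in.
function insertNews(PDO $pdo, string $title, string $body, string $how): int
{
    $stmt = $pdo->prepare(
        'INSERT INTO News (title, body, date, time, byhow)
         VALUES (:title, :body, CURRENT_DATE, CURRENT_TIME, :how)'
    );
    $stmt->execute([':title' => $title, ':body' => $body, ':how' => $how]);
    return (int) $pdo->lastInsertId();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE News (id INTEGER PRIMARY KEY, title TEXT, body TEXT,
            date TEXT, time TEXT, byhow TEXT)');

// Constructed sample input containing quote characters.
$title = "It's here";
$body  = "She said 'hello' and left";
$how   = "forgun";

// Prints the query with every single quote backslash-escaped, delimiters included.
echo escapeWholeQuery($title), "\n";

$id  = insertNews($pdo, $title, $body, $how);
$sel = $pdo->prepare('SELECT title, body, byhow FROM News WHERE id = ?');
$sel->execute([$id]);
$row = $sel->fetch(PDO::FETCH_ASSOC);

// Compare what was stored with what was submitted.
var_dump($row['title'] === $title, $row['body'] === $body);
```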