adding mysql_real_escape_string

oo7ml
Forum Newbie
Posts: 15
Joined: Sun Jun 17, 2007 4:30 pm

Post by oo7ml »

When I am preparing my data for insertion into the database I am adding mysql_real_escape_string, but how do I add it to the about_me part?

Code:

//retrieve form data in a variable
$firstname = mysql_real_escape_string($_POST['firstname']);
$about_me  = '?';

Thanks
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Might be

Code:

$about_me = mysql_real_escape_string($_POST['about_me']);

Might be something completely different.
The question is very vague.
oo7ml
Forum Newbie
Posts: 15
Joined: Sun Jun 17, 2007 4:30 pm

Post by oo7ml »

No sorry, there is no text field called about_me. I am just giving about_me a value of "?" so that it will be inserted into the database (it will be used later on). But just in case someone tries to mess around with my code I want to add mysql_real_escape_string in front of it.
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Code:

$about_me = mysql_real_escape_string('?');

But it has no effect.

Messing around with the code in what way?
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

oo7ml wrote: No sorry, there is no text field called about_me. I am just giving about_me a value of "?" so that it will be inserted into the database (it will be used later on). But just in case someone tries to mess around with my code I want to add mysql_real_escape_string in front of it.

You are aware that you only have to escape data that you don't have absolute control over, right? And you should only escape it right before putting it into the database. Relying on it being previously escaped is not good practice.
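
The two points made in the replies above (escaping a hard-coded '?' changes nothing, and escaping belongs at the point where the query is built), shown as an added example that is not code from any poster in this thread. It assumes PDO with an in-memory SQLite database so it runs without a MySQL server, with PDO::quote() standing in for mysql_real_escape_string(); the table, the insert_member() helper and the sample input are constructed for illustration.

```php
<?php
// Added example. Assumptions: PDO + in-memory SQLite, and PDO::quote() used
// in place of mysql_real_escape_string(). Unlike that function, quote() also
// adds the surrounding quote characters. Table and input are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (firstname TEXT, about_me TEXT)');

// Hypothetical helper: escaping happens here, where the SQL string is
// built, and nowhere else in the script.
function insert_member(PDO $db, string $firstname, string $about_me): void
{
    $sql = 'INSERT INTO members (firstname, about_me) VALUES ('
         . $db->quote($firstname) . ', ' . $db->quote($about_me) . ')';
    $db->exec($sql);
}

$posted = "Conan O'Brien";   // constructed stand-in for $_POST['firstname']

// 1. Raw input and the hard-coded placeholder are passed as-is; the helper
//    escapes both. The constant '?' is stored exactly as written.
insert_member($db, $posted, '?');

// 2. Anti-pattern: the value was escaped earlier in the script and is then
//    escaped again at insert time, so the escaping itself ends up stored
//    as part of the name.
$early = $db->quote($posted);
insert_member($db, $early, '?');

// Print what the database actually holds for each row.
foreach ($db->query('SELECT firstname, about_me FROM members') as $row) {
    printf("%-20s | %s\n", $row['firstname'], $row['about_me']);
}
```

The first row holds the name as typed; the second holds the name with the extra quoting characters stored as data, which is the result of relying on a value having been escaped earlier.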