Page 2 of 2
Posted: Sat Dec 16, 2006 10:21 am
by John Cartwright
Code: Select all
$sql = 'INSERT INTO
`home`
SET
`address` = \''. mysql_real_escape_string($address).'\',
`size` = '. !empty($size) ? intval($size) : '' .',
`rent` = '. !empty($rent) ? intval($rent) : ''.',
Something like this? Although personally I don't see why 0 is not an appropriate value in this case.. ah well.
Posted: Sat Dec 16, 2006 10:38 am
by sarris
Great!!
Sorry to bother you that much...I think i am covered completely now.Thank you very much.
I asked feyd another day, when he was very helpfull as well, how can i contribute to the site and he said i could donate.
I respectfully would like to do that but dont know how
As for your question...When it comes for parking spaces for a house for example.When the records are shown its completely different if
no value is next to Parking: (means the submiter didnt bother to add this detail). If 0 is set it means that there is no parking.
Anyways...
Thanks for everything.
Posted: Sat Dec 16, 2006 5:06 pm
by onion2k
sarris wrote:****THIS IS WHAT I GET WHEN RUNNING IT ON MY PC*****
Magic Quotes GPC: Off
****THIS IS WHAT I GET WHEN RUNNING IT ON THE WEB HOSTING SERVER*****
Magic Quotes GPC: On
That's your problem right there. As JCart already noted, the solution lies with mysql_real_escape_string().
Posted: Sat Dec 16, 2006 5:08 pm
by John Cartwright
Good spot Onion, that certainly would cause the problem if the data had a quote in it..
Two things to keep in mind sarris, register globals is bad and magic quotes gpc is evil too.