Until now I've been using it in the form:
// Inline form: the value is escaped at the point where it is spliced into the statement.
// The escaping only protects a value that sits between quotes in the SQL text, as it
// does here; it does nothing for an unquoted number or identifier.
$query = "INSERT INTO table (name) VALUES ('"
    . mysql_real_escape_string($name)
    . "')";
// Variable form: $name is overwritten with its escaped copy. From this line on the
// variable is meant for a quoted SQL literal only; escaping it a second time, or
// reusing it for HTML output, gives wrong results.
$name = mysql_real_escape_string($name);
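// Build the INSERT for one category row.
// Each value is placed inside a quoted SQL literal, so each one is neutralised first:
//   %d - sprintf() casts the argument to an integer, so only digits (and a sign) reach the query;
//   %s - the argument is passed through mysql_real_escape_string() before it is formatted.
// NOTE(review): mysql_real_escape_string() escapes for the character set of the current
// connection, so that charset should be set with mysql_set_charset(), not a "SET NAMES" query.
// NOTE(review): the mysql_* extension was removed in PHP 7.0; prepared statements
// (mysqli or PDO) take over this job and make the manual escaping unnecessary.
$cat_insert = sprintf(
    "INSERT INTO icecat_categories (category_id,category_name,uncatid,searchable,thumbpic,score,lowpic,parent_category_id,parent_category_name) VALUES ('%d','%s','%d','%d','%s','%d','%s','%d','%s')",
    $category->tagAttrs['id'],
    mysql_real_escape_string($category_name),
    $category->tagAttrs['uncatid'],
    $category->tagAttrs['searchable'],
    mysql_real_escape_string($category->tagAttrs['thumbpic']),
    $category->tagAttrs['score'],
    mysql_real_escape_string($category->tagAttrs['lowpic']),
    $category->parentcategory[0]->tagAttrs['id'],
    mysql_real_escape_string($parent_name)
);

$catQ = mysql_query($cat_insert);
if ($catQ === false) {
    // The full statement and the server's error text go to the error log only.
    // Printing them in the response would show table names, column names and row data
    // to whoever triggered the failure.
    error_log("Query Cat Insert: $cat_insert Failed" . mysql_error());
    die('Query Cat Insert Failed');
}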