MySQL_real escape_string
Posted: Sat Oct 02, 2010 8:53 am
Hi there,
Can anyone see what is wrong with this code? I've been fiddling about with it for days now and just can't get it to work. I know it's something small and silly but I just can't find it!
Thanks in advance for any help. It is much appriciated.
<?php
$con = mysql_connect("**********","**********","***********");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("safe", $con);
$number = preg_replace('/[^0-9]/', '', $_POST['number']);
$number = (int) $number;
$realname = mysql_real_escape_string($_POST['realname');
if (substr_count("@", $_POST['email']) == 1){
$email = mysql_real_escape_string($_POST['email']);
} else {
die("Your email doesn't appear to be valid, please double check it and resubmit");
}
$comments = mysql_real_escape_string($_POST['comments']);
$sql="INSERT INTO Enquiries (Name, Number, Email, Comments, Date)
VALUES
('$realname','$number','$email','$comments', CURDATE())";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "";
mysql_close($con)
?>
Thanks again. Kind regards
Mike
Can anyone see what is wrong with this code? I've been fiddling about with it for days now and just can't get it to work. I know it's something small and silly but I just can't find it!
Thanks in advance for any help. It is much appriciated.
<?php
$con = mysql_connect("**********","**********","***********");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("safe", $con);
$number = preg_replace('/[^0-9]/', '', $_POST['number']);
$number = (int) $number;
$realname = mysql_real_escape_string($_POST['realname');
if (substr_count("@", $_POST['email']) == 1){
$email = mysql_real_escape_string($_POST['email']);
} else {
die("Your email doesn't appear to be valid, please double check it and resubmit");
}
$comments = mysql_real_escape_string($_POST['comments']);
$sql="INSERT INTO Enquiries (Name, Number, Email, Comments, Date)
VALUES
('$realname','$number','$email','$comments', CURDATE())";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "";
mysql_close($con)
?>
Thanks again. Kind regards
Mike