0

Hi all,

I have a question about mysql_real_escape_string. Is it just used for login scripts or is it also used for inserting data to a database. My problem is this:

$connection = mysql_connect("*****", "*****", "*****");
    $database_select = mysql_select_db("*****", $connection);

    $firstname = $_POST['firstname'];
    $lastname = $_POST['lastname'];

    $firstname = stripslashes($firstname);
    $firstname = mysql_real_escape_string($firstname);
    $lastname = stripslashes($lastname);
    $lastname = mysql_real_escape_string($lastname);

    echo "<p>" . $firstname . "</p>";
    echo "<p>" . $lastname . "</p>";

Now if I type quotation marks and so on, the function works fine and it escapes them, but if I update the database using these newly cleaned variables, the slashes are not there! I would use code like the following to update:

$connection = mysql_connect("*****", "*****", "*****");
    $database_select = mysql_select_db("*****", $connection);

    $firstname = $_POST['firstname'];
    $lastname = $_POST['lastname'];

    $firstname = stripslashes($firstname);
    $firstname = mysql_real_escape_string($firstname);
    $lastname = stripslashes($lastname);
    $lastname = mysql_real_escape_string($lastname);

    $result = mysql_query("INSERT INTO members(firstname, lastname) VALUES ('$firstname', '$lastname')", $connection);

Can you see any mistakes as to why it echo's fine but doesn't update the database with the escaped version?


Thanks,


Anthony

1
Contributor
1
Reply
2
Views
9 Years
Discussion Span
Last Post by antwan1986
0

Just to bump this, is this command only used for ARGUMENTS in an SQL query, and not actually for escaping data that is being STORED in the database?

I'm confused about when to use addslashes vs any of these mysql commands, which ones are best and in what situations?

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.