
mysql_real_escape_string/htmlentities issue

matthud@gmail.com
Guest
 
Posts: n/a
#1: Feb 18 '07
<?php
//MAKE IT SAFE
$chunk = $_POST['foo'];
$title = $_POST['foo1'];
$url = $_POST['foo2'];
$tags = $_POST['foo3'];
$user = $_POST['foo4'];

$safe_chunk = mysql_real_escape_string(htmlentities($chunk));
$safe_title = mysql_real_escape_string(htmlentities($title));
$safe_url = mysql_real_escape_string(htmlentities($url));
$safe_tags = mysql_real_escape_string(htmlentities($tags));
$safe_user = mysql_real_escape_string(htmlentities($user));



mysql_query("INSERT INTO chunks VALUES ('$safe_chunk', '$safe_title',
'$safe_url', '$safe_tags', '$safe_user', CURDATE(), '')");


matthud@gmail.com
Guest
 
Posts: n/a
#2: Feb 18 '07

re: mysql_real_escape_string/htmlentities issue


I guess an explanation is in order! The problem is that the values
aren't put in the database. I just get blank fields instead.

Jerry Stuckle
Guest
 
Posts: n/a
#3: Feb 18 '07

re: mysql_real_escape_string/htmlentities issue


matthud@gmail.com wrote:
> <?php
> //MAKE IT SAFE
> $chunk = $_POST['foo'];
> $title = $_POST['foo1'];
> $url = $_POST['foo2'];
> $tags = $_POST['foo3'];
> $user = $_POST['foo4'];
>
> $safe_chunk = mysql_real_escape_string(htmlentities($chunk));
> $safe_title = mysql_real_escape_string(htmlentities($title));
> $safe_url = mysql_real_escape_string(htmlentities($url));
> $safe_tags = mysql_real_escape_string(htmlentities($tags));
> $safe_user = mysql_real_escape_string(htmlentities($user));
>
> mysql_query("INSERT INTO chunks VALUES ('$safe_chunk', '$safe_title',
> '$safe_url', '$safe_tags', '$safe_user', CURDATE(), '')");
>
First of all, you shouldn't use htmlentities here. That's for
displaying the data, not storing it in the database. Rather, use it
after retrieving the data but before displaying it.

Next question is - what's in the $_POST array? Try

echo "<pre>\n";
print_r($_POST);
echo "</pre>\n";

Finally, what's the result from mysql_query? ALWAYS check the result of
a mysql call (or any other external call, for that matter). If it is
false, display the error with mysql_error().


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
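
Added example, not part of the thread: the advice in the reply above (store the raw text, check every database call, HTML-encode only on output), written with mysqli because the mysql_* extension was removed in PHP 7, and with a prepared statement in place of mysql_real_escape_string(). The connection settings, the `title` key and the function names are assumptions.

```php
<?php
// Added example; credentials, database name, the 'title' key and the
// function names are assumptions, not taken from the thread.
mysqli_report(MYSQLI_REPORT_OFF); // failures return false so they can be checked

function store_chunk(mysqli $db, array $post): bool
{
    $fields = [];
    foreach (['foo', 'foo1', 'foo2', 'foo3', 'foo4'] as $key) {
        if (!isset($post[$key]) || !is_string($post[$key])) {
            error_log("missing or non-string POST field: $key");
            return false;
        }
        $fields[] = $post[$key]; // stored raw, no htmlentities() on the way in
    }
    // Bound parameters stand in for mysql_real_escape_string().
    $stmt = $db->prepare("INSERT INTO chunks VALUES (?, ?, ?, ?, ?, CURDATE(), '')");
    if ($stmt === false) {
        error_log('prepare failed: ' . $db->error);
        return false;
    }
    $stmt->bind_param('sssss', ...$fields);
    if (!$stmt->execute()) {
        error_log('insert failed: ' . $stmt->error);
        return false;
    }
    return true;
}

function render_title(array $row): string
{
    // HTML-encode only when the stored value is written into a page.
    return '<h2>' . htmlentities($row['title'], ENT_QUOTES, 'UTF-8') . "</h2>\n";
}

$db = mysqli_connect('localhost', 'app_user', 'app_password', 'example');
if ($db === false) {
    exit('connect failed: ' . mysqli_connect_error() . "\n");
}
// Constructed sample input standing in for a submitted form.
$post = [
    'foo'  => "It's <b>bold</b> text",
    'foo1' => 'A "quoted" title',
    'foo2' => 'http://example.com/?a=1&b=2',
    'foo3' => 'php,mysql',
    'foo4' => 'matt',
];
if (store_chunk($db, $post)) {
    // Stands in for a row read back with SELECT.
    echo render_title(['title' => $post['foo1']]);
}
```

Errors go to the server log here rather than to the page, so a failed query is visible to the developer without exposing database details to visitors.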