mysql_real_escape_string/htmlentities issue

<?php
//MAKE IT SAFE
$chunk = $_POST['foo'];
$title = $_POST['foo1'];
$url = $_POST['foo2'];
$tags = $_POST['foo3'];
$user = $_POST['foo4'];

$safe_chunk = mysql_real_escape_string(htmlentities($chunk));
$safe_title = mysql_real_escape_string(htmlentities($title));
$safe_url = mysql_real_escape_string(htmlentities($url));
$safe_tags = mysql_real_escape_string(htmlentities($tags));
$safe_user = mysql_real_escape_string(htmlentities($user));

mysql_query("INSERT INTO chunks VALUES ('$safe_chunk', '$safe_title',
'$safe_url', '$safe_tags', '$safe_user', CURDATE(), '')");

Feb 18 '07 #1
I guess an explanation is in order! The problem is that the values
aren't put in the database. I just get blank fields instead.

Feb 18 '07 #2
ma*****@gmail.com wrote:
<?php
//MAKE IT SAFE
$chunk = $_POST['foo'];
$title = $_POST['foo1'];
$url = $_POST['foo2'];
$tags = $_POST['foo3'];
$user = $_POST['foo4'];

$safe_chunk = mysql_real_escape_string(htmlentities($chunk));
$safe_title = mysql_real_escape_string(htmlentities($title));
$safe_url = mysql_real_escape_string(htmlentities($url));
$safe_tags = mysql_real_escape_string(htmlentities($tags));
$safe_user = mysql_real_escape_string(htmlentities($user));

mysql_query("INSERT INTO chunks VALUES ('$safe_chunk', '$safe_title',
'$safe_url', '$safe_tags', '$safe_user', CURDATE(), '')");
First of all, you shouldn't use htmlentities here. That's for
displaying the data, not storing it in the database. Rather, use it
after retrieving the data but before displaying it.

Next question is - what's in the $_POST array? Try

echo "<pre>\n";
print_r($_POST);
echo "</pre>\n";

Finally, what's the result from mysql_query? ALWAYS check the result of
a mysql call (or any other external call, for that matter). If it is
false, display the error with mysql_error().
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Feb 18 '07 #3
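
The advice in the reply above, as an added example that is not part of the thread: store the raw values, check the result of every database call, and apply htmlentities() only when displaying. It swaps the mysql_* functions (removed in PHP 7) for PDO prepared statements; the in-memory SQLite database, the table layout, the column names and the sample input are assumptions made so the code runs offline.

```php
<?php
// Constructed input standing in for $_POST (field names taken from the thread).
$post = [
    'foo'  => "It's <b>bold</b> & \"quoted\"",
    'foo1' => 'A title',
    'foo2' => 'http://example.com/?a=1&b=2',
    'foo3' => 'php, mysql',
    'foo4' => "O'Brien",
];

// Assumption: in-memory SQLite and this table layout, so the example is self-contained.
// With MySQL only the DSN and credentials change.
$db = new PDO('sqlite::memory:');
// Silent mode: failures are reported through return values, which are checked below.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
if ($db->exec('CREATE TABLE chunks (chunk TEXT, title TEXT, url TEXT,
               tags TEXT, username TEXT, added TEXT)') === false) {
    die('create failed: ' . $db->errorInfo()[2] . "\n");
}

// Store the raw values. Placeholders keep the data out of the SQL text,
// so there is no htmlentities() and no manual escaping at this stage.
$stmt = $db->prepare('INSERT INTO chunks VALUES (?, ?, ?, ?, ?, ?)');
if ($stmt === false) {
    die('prepare failed: ' . $db->errorInfo()[2] . "\n");
}
$ok = $stmt->execute([
    $post['foo'], $post['foo1'], $post['foo2'],
    $post['foo3'], $post['foo4'], date('Y-m-d'),
]);
if ($ok === false) {
    die('insert failed: ' . $stmt->errorInfo()[2] . "\n");
}

// Encode for HTML only after retrieving the data, just before displaying it.
$result = $db->query('SELECT chunk, title, url, tags, username FROM chunks');
if ($result === false) {
    die('select failed: ' . $db->errorInfo()[2] . "\n");
}
foreach ($result->fetchAll(PDO::FETCH_ASSOC) as $row) {
    foreach ($row as $column => $value) {
        echo $column, ': ', htmlentities($value, ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```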
