mysql_real_escape_string/htmlentities issue

<?php
//MAKE IT SAFE
$chunk = $_POST['foo'];
$title = $_POST['foo1'];
$url = $_POST['foo2'];
$tags = $_POST['foo3'];
$user = $_POST['foo4'];

$safe_chunk = mysql_real_escape_string(htmlentities($chunk));
$safe_title = mysql_real_escape_string(htmlentities($title));
$safe_url = mysql_real_escape_string(htmlentities($url));
$safe_tags = mysql_real_escape_string(htmlentities($tags));
$safe_user = mysql_real_escape_string(htmlentities($user));

mysql_query("INSERT INTO chunks VALUES ('$safe_chunk', '$safe_title',
'$safe_url', '$safe_tags', '$safe_user', CURDATE(), '')");

Feb 18 '07 #1
I guess an explanation is in order! The problem is that the values
aren't put in the database. I just get blank fields instead.

Feb 18 '07 #2
ma*****@gmail.com wrote:
<?php
//MAKE IT SAFE
$chunk = $_POST['foo'];
$title = $_POST['foo1'];
$url = $_POST['foo2'];
$tags = $_POST['foo3'];
$user = $_POST['foo4'];

$safe_chunk = mysql_real_escape_string(htmlentities($chunk));
$safe_title = mysql_real_escape_string(htmlentities($title));
$safe_url = mysql_real_escape_string(htmlentities($url));
$safe_tags = mysql_real_escape_string(htmlentities($tags));
$safe_user = mysql_real_escape_string(htmlentities($user));

mysql_query("INSERT INTO chunks VALUES ('$safe_chunk', '$safe_title',
'$safe_url', '$safe_tags', '$safe_user', CURDATE(), '')");

First of all, you shouldn't use htmlentities here. That's for
displaying the data, not storing it in the database. Rather, use it
after retrieving the data but before displaying it.

Next question is - what's in the $_POST array? Try

echo "<pre>\n";
print_r($_POST);
echo "</pre>\n";

Finally, what's the result from mysql_query? ALWAYS check the result of
a mysql call (or any other external call, for that matter). If it is
false, display the error with mysql_error().
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Feb 18 '07 #3
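
The advice in the reply above, as an added example that is not part of the original thread: store the raw values, check the result of every database call, and apply htmlentities() only when printing. It swaps the mysql_* functions (removed in PHP 7) for PDO bound parameters; the in-memory SQLite database, the column names and the sample input are assumptions made so that it runs without a server.

```php
<?php
// Added example. Assumptions: column names, the SQLite stand-in and the
// sample input. With MySQL, change the DSN and use CURDATE() for the date.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT); // results are checked by hand

$pdo->exec('CREATE TABLE chunks (chunk TEXT, title TEXT, url TEXT,
            tags TEXT, user TEXT, created TEXT, note TEXT)');

// Constructed sample input standing in for $_POST.
$post = [
    'foo'  => "O'Reilly said <b>hi</b> & left",
    'foo1' => 'A "quoted" title',
    'foo2' => 'http://example.com/?a=1&b=2',
    'foo3' => 'php,mysql',
    'foo4' => 'mary',
];

function store_chunk(PDO $pdo, array $post): bool
{
    // Store the raw values: bound parameters keep them out of the SQL text,
    // and no HTML encoding is applied on the way in.
    $stmt = $pdo->prepare(
        "INSERT INTO chunks VALUES (?, ?, ?, ?, ?, date('now'), '')"
    );
    if ($stmt === false) {
        error_log('prepare failed: ' . implode(' ', $pdo->errorInfo()));
        return false;
    }
    $fields = ['foo', 'foo1', 'foo2', 'foo3', 'foo4'];
    $values = array_map(fn($k) => (string)($post[$k] ?? ''), $fields);
    if (!$stmt->execute($values)) {
        // Always check the result of the call and surface the driver error.
        error_log('insert failed: ' . implode(' ', $stmt->errorInfo()));
        return false;
    }
    return true;
}

if (store_chunk($pdo, $post)) {
    $rows = $pdo->query('SELECT chunk, title FROM chunks');
    foreach ($rows->fetchAll(PDO::FETCH_ASSOC) as $row) {
        // Encode only at output time, for the HTML context.
        echo '<h2>', htmlentities($row['title'], ENT_QUOTES, 'UTF-8'), "</h2>\n";
        echo '<p>', htmlentities($row['chunk'], ENT_QUOTES, 'UTF-8'), "</p>\n";
    }
}
```

The stored row keeps the original characters (apostrophe, angle brackets, ampersand), and only the printed HTML contains the entity-encoded form.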
