Posted by Jerry Stuckle on 02/18/07 03:27
matthud@gmail.com wrote:
> <?php
> //MAKE IT SAFE
> $chunk = $_POST['foo'];
> $title = $_POST['foo1'];
> $url = $_POST['foo2'];
> $tags = $_POST['foo3'];
> $user = $_POST['foo4'];
>
> $safe_chunk = mysql_real_escape_string(htmlentities($chunk));
> $safe_title = mysql_real_escape_string(htmlentities($title));
> $safe_url = mysql_real_escape_string(htmlentities($url));
> $safe_tags = mysql_real_escape_string(htmlentities($tags));
> $safe_user = mysql_real_escape_string(htmlentities($user));
>
>
>
> mysql_query("INSERT INTO chunks VALUES ('$safe_chunk', '$safe_title',
> '$safe_url', '$safe_tags', '$safe_user', CURDATE(), '')");
>
First of all, you shouldn't use htmlentities here. That's for
displaying the data, not storing it in the database. Rather, use it
after retrieving the data but before displaying it.

Next question is - what's in the $_POST array? Try

    echo "<pre>\n";
    print_r($_POST);
    echo "</pre>\n";

Finally, what's the result from mysql_query? ALWAYS check the result of
a mysql call (or any other external call, for that matter). If it is
false, display the error with mysql_error().

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
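
An added example (not part of the original post or of either poster's code) showing the two points from the reply above: store the raw value and encode only at display time, and check the result of every database call. It assumes PDO with an in-memory SQLite database in place of the thread's mysql_* calls, a cut-down version of the chunks table, and constructed input values.

```php
<?php
// Added example: constructed input, in-memory SQLite via PDO (an assumption;
// the thread itself uses the old mysql_* functions against MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT); // failures return false
$db->exec('CREATE TABLE chunks (chunk TEXT, title TEXT, added TEXT)');

// Constructed sample standing in for $_POST.
$post = ['foo' => 'Tom & Jerry <b>"quoted"</b>', 'foo1' => "O'Reilly's page"];

// Store the raw values; bound parameters take care of SQL quoting.
$stmt = $db->prepare("INSERT INTO chunks VALUES (?, ?, date('now'))");
if ($stmt === false) {
    die('prepare failed: ' . implode(' ', $db->errorInfo()));
}
if ($stmt->execute([$post['foo'], $post['foo1']]) === false) {
    die('insert failed: ' . implode(' ', $stmt->errorInfo()));
}

// A failing call returns false; without this check the failure is silent.
$bad = $db->query('SELECT * FROM no_such_table');
if ($bad === false) {
    echo 'query failed: ', $db->errorInfo()[2], "\n";
}

// Retrieve the rows, then encode for HTML only at the point of display.
$res = $db->query('SELECT chunk, title FROM chunks');
if ($res === false) {
    die('select failed: ' . implode(' ', $db->errorInfo()));
}
foreach ($res as $row) {
    echo '<h2>', htmlentities($row['title'], ENT_QUOTES, 'UTF-8'), "</h2>\n";
    echo '<p>', htmlentities($row['chunk'], ENT_QUOTES, 'UTF-8'), "</p>\n";
}

// What storing htmlentities() output would have put in the table instead:
$stored = htmlentities($post['foo'], ENT_QUOTES, 'UTF-8');
echo strlen($post['foo']), ' raw bytes vs ', strlen($stored), " stored bytes\n";
// Encoding it again at display time (as any careful template does) double-encodes it.
echo htmlentities($stored, ENT_QUOTES, 'UTF-8'), "\n";
```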