|  | Posted by Andy Hassall on 07/06/17 11:31 
On 8 Nov 2005 07:15:33 -0800, "frizzle" <phpfrizzle@gmail.com> wrote:
 >Hmm,
 >somehow i can't get it to work correctly:
 >
 >I tested inserting the following text:
 >'"\     (single quote, double quote, backslash)
 >
 >Via PHP:
 >     $new_var = mysql_real_escape_string($_POST['var']);
 >     $put_info = mysql_query("INSERT INTO `test` ( `id` , `text` )
 >VALUES  ('', '".$new_var."');");
 
 Print out all the values involved to the browser so you can actually see what
 is happening.
 
 In my previous reply that you haven't quoted, I said:
 
 >>Nothing's automatically converted, unless you have the dreaded
 >>magic_quotes option turned on.
 
 So, do you have magic_quotes turned on? If you don't know, use Google to find
 out what it is. There is a chapter in the PHP manual about it.
 --
 Andy Hassall :: andy@andyh.co.uk :: http://www.andyh.co.uk
 http://www.andyhsoftware.co.uk/space :: disk and FTP usage analysis tool
  Navigation: [Reply to this message] |