addslashes() continue...

guido88

Group:

I tried to utilized the "addslashes()" function, but didn't work -- please review the following code:

<?php

$sql = "INSERT INTO url_store VALUES (title,addslashes(), description, keywords, url, email, location, channel);

<-- Notice the "addslahes()" variable above -- wrong place? -->

$connection = mysql_connect("localhost","12345","axsdvfgg") or die ("Couldn't connect to server.");

$db = mysql_select_db("adfa_asdf", $connection) or die ("Couldn't select database.");

$sql_result = mysql_query($sql,$connection) or die ("Couldn't execute query.");

if (!$sql_result) {
	echo "<P>Couldn't submit URL!";
} else {

echo "

...

The idea is that when someone puts in a word with (') -- like the word Guido's -- that it will enter into the database. As of now, I have to write Guidos, and not Guido's.

Dej mi pomoc! 🙂 A little help please!

Guido

cordex

addslahes must be run like this:

$string_st = "Guido's";
$string_st = addslashes($string_st);

Now, $string_st == "Guido\'s"

guido88

Hello Ben:

Thank you for your reply. However, maybe I wasn't very clear -- I need to have the "addslashes()" functino to a form, so if anyone uses -> ' <- in their site submission, it will work. I was using Guido's as an example of what other people will be submitting.

I'm under the impression that "Guido's" as you have it will only work for that one variable.

Regards,

Guido

cordex

Guido, that's true, it will only work for the one form element named string_st. You will have to send all of your form variables through that function.