Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    Regular Coder
    Join Date
    Jan 2008
    Posts
    334
    Thanks
    9
    Thanked 0 Times in 0 Posts

    mysql_real_escape_string

    Hi, I've been trying to user a mysql_real_escape_string in one of my script in a if statement. I haven't used them much and not to sure how and when I should use these. I was trying to make a sample form for when a user submit info to the form it would go a mailing address. But when I uploaed the script it said that on line 10 there was a error. Like I said, I haven't used mysql_real_escape_string that much and not to sure how to use them. I know what they do, but not don't eactly if I'm suppose to do this:

    PHP Code:
    mysql_real_escape($_POST['fname']);

    //or like this..

    (mysql_real_escape_string($_POST['fname'])); 
    Heres my full script of what I was trying to do:

    PHP Code:
    <?php
      
      $submit 
    $_POST['submit'];
      
      if(isset(
    $submit))
      
    {


    if(
    mysql_real_escape_string($_POST['fname') !='' && mysql_real_escape_string($_POST['lname']) !='' && mysql_real_escape_string($_POST['email']) !='' && mysql_real_escape_string($_POST['email']) == mysql_real_escape_string($_POST['confrim_email']) && mysql_real_escape_string($_POST['msg']) !='')

         {
         
    $sendTo 'email@yahoo.com';
         
    $header "From: ".mysql_real_escape_string($_POST['email'])."";
         
    $subject 'Query';
         
    $message "".mysql_real_escape_string($_POST['msg']."";
         
         
    mail($sendTo$header$subject$message);
         
         }    
    }    
    ?>


    So I was just wondering if I could get some help on how and when I should use these. Like I said, I understand what they do, but not to sure if I should use these when I'm submiting something to a E-mail address, or if its just for database submissions. So if someone could clear this up for me it would be great. Perhaps to give me a idea what I'm doing wrong in my script as well if I'm using the function right.


    Thanks
    Jon W
    Last edited by Jon W; 01-06-2008 at 12:52 AM.

  • #2
    Regular Coder
    Join Date
    Aug 2006
    Posts
    311
    Thanks
    0
    Thanked 1 Time in 1 Post
    You have an error in your script you have:

    PHP Code:
    if(mysql_real_escape_string($_POST['fname'
    should be
    PHP Code:
    if(mysql_real_escape_string($_POST['fname]'
    you missed a bracket after fname. What error are you getting? with this?

  • #3
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,647
    Thanks
    2
    Thanked 406 Times in 398 Posts
    Quote Originally Posted by Jacobb123 View Post
    should be
    PHP Code:
    if(mysql_real_escape_string($_POST['fname]'
    you missed a bracket after fname.
    You meant:
    PHP Code:
    if(mysql_real_escape_string($_POST['fname']) 


    Also, OP, the $message line should be:
    PHP Code:
    $message mysql_real_escape_string($_POST['msg']); 
    And your if condition should be:
    PHP Code:
    if($_POST['fname'] !='' && $_POST['lname'] !='' && $_POST['email'] !='' && $_POST['email'] == $_POST['confrim_email'] && $_POST['msg'] !=''
    You can use mysql_real_escape_string() on the values later on, but it's not needed there because the string will only get longer after passing through mysql_real_escape_string().
    Last edited by Inigoesdr; 01-06-2008 at 08:32 AM.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •