  1. #1
    SitePoint Wizard co.ador's Avatar
    Join Date
    Apr 2009
    Posts
    1,054

    Need to know if I have used mysql_escape_string() well.

    Is the mysql_escape_string function used properly in the method below?

    PHP Code:
    $ratingData = Rating::OutputRating ($arrRestaurant mysql_escape_string['restaurantname']);

  2. #2
    Programming Since 1978 felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,862
    Without seeing the SQL it is impossible to tell.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  3. #3
    SitePoint Wizard co.ador's Avatar
    Join Date
    Apr 2009
    Posts
    1,054
    This is the insertion point to the database

    PHP Code:
        if (Rating::CheckRatingsByIp($varItem) == 0)
        {
            $ipAddress = $_SERVER['REMOTE_ADDR'];

            Database::ExecuteQuery("INSERT INTO `rating` (`item_name`, `rating`, `ip_address`, `date_rated`) VALUES ('{$varItem}', {$varRating}, '{$ipAddress}', NOW())", "InsertRating");
            Database::FetchResults("InsertRating");
            Database::FreeResults("InsertRating");
            Database::RemoveSavedResults("InsertRating");

            // Information for the Output
            $averageStars = Rating::CalculateAverageRating($varItem);
            $newClassNames = "rated " . Rating::ShowStars($averageStars);
        }
    }
    The $varItem variable is equal to the index 'restaurantname' in the first bit of code in the first post.

  4. #4
    SitePoint Wizard
    Join Date
    Nov 2005
    Posts
    1,191
    Quote: Originally Posted by co.ador
    Is the mysql_escape_string function used properly in the method below?

    PHP Code:
    $ratingData = Rating::OutputRating ($arrRestaurant mysql_escape_string['restaurantname']);
    1. You should use mysql_real_escape_string, that function is deprecated
    2. It is a function, not an array
    3. You need to separate method arguments with a comma
    4. Please do yourself a favour and buy a book on php/mysql, or at least look up the php manual for the functions you are trying to use
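
Added example, not part of the thread or any poster's code: the INSERT from post #3 rewritten with bound parameters, so the restaurant name needs no escaping function and the unquoted rating slot is validated as an integer. `openRatingDb()` and `insertRating()` are hypothetical names, the 1 to 5 rating range is an assumption, and an in-memory SQLite database through PDO stands in for MySQL (with `CURRENT_TIMESTAMP` in place of `NOW()`) so the script runs offline.

```php
<?php
// Added example: hypothetical helpers, SQLite in memory instead of MySQL.
declare(strict_types=1);

function openRatingDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE rating (
        item_name TEXT NOT NULL, rating INTEGER NOT NULL,
        ip_address TEXT NOT NULL, date_rated TEXT NOT NULL
    )');
    return $pdo;
}

function insertRating(PDO $pdo, string $item, $rating, string $ip): void
{
    // {$varRating} sits unquoted in the thread's SQL, where string escaping
    // gives no protection; accept only an integer in the assumed 1-5 range.
    $rating = filter_var($rating, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 5]]);
    if ($rating === false) {
        throw new InvalidArgumentException('rating must be an integer from 1 to 5');
    }
    // Values travel separately from the SQL text, so quotes in $item are data.
    $stmt = $pdo->prepare(
        'INSERT INTO rating (item_name, rating, ip_address, date_rated)
         VALUES (:item, :rating, :ip, CURRENT_TIMESTAMP)'
    );
    $stmt->bindValue(':item', $item, PDO::PARAM_STR);
    $stmt->bindValue(':rating', $rating, PDO::PARAM_INT);
    $stmt->bindValue(':ip', $ip, PDO::PARAM_STR);
    $stmt->execute();
}

$pdo = openRatingDb();
// Constructed sample names: quotes and a backslash that break interpolated SQL.
foreach (["O'Malley's Grill", 'Back\\slash "Bistro"'] as $name) {
    insertRating($pdo, $name, '4', '203.0.113.7');
}
try {
    insertRating($pdo, 'Plain Diner', '4 stars', '203.0.113.7'); // not an integer
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
foreach ($pdo->query('SELECT item_name, rating FROM rating') as $row) {
    echo $row['item_name'], ' => ', $row['rating'], PHP_EOL;
}
```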

  5. #5
    SitePoint Wizard co.ador's Avatar
    Join Date
    Apr 2009
    Posts
    1,054
    Thanks hash.

    I am going to re-do step five.

