SitePoint Sponsor

User Tag List

Results 1 to 8 of 8
  1. #1
    SitePoint Addict
    Join Date
    Mar 2011
    Location
    Manchester, UK
    Posts
    226
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Would This Work?

    Hi Guys,

    Would the following code work?

    PHP Code:
    $query mysql_escape_string("SELECT FirstName, LastName FROM affiliates WHERE AffID ='$affid'"); 
    Thanks for your help guys!

  2. #2
    Utopia, Inc. silver trophy
    ScallioXTX's Avatar
    Join Date
    Aug 2008
    Location
    The Netherlands
    Posts
    8,897
    Mentioned
    138 Post(s)
    Tagged
    2 Thread(s)
    Maybe, but you shouldn't do it like that, but rather

    PHP Code:
    $query=sprintf('SELECT FirstName, LastName FROM affiliates WHERE AffID="%s"'mysql_real_escape_string($affid)); 
    or you could use concatenation, like


    PHP Code:
    $query='SELECT FirstName, LastName FROM affiliates WHERE AffID="'.mysql_real_escape_string($affid).'"'
    Rémon - Hosting Advisor

    Minimal Bookmarks Tree
    My Google Chrome extension: browsing bookmarks made easy

  3. #3
    SitePoint Addict
    Join Date
    Mar 2011
    Location
    Manchester, UK
    Posts
    226
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks ScallioXTX, You've been a big help

  4. #4
    SitePoint Addict
    Join Date
    Mar 2011
    Location
    Manchester, UK
    Posts
    226
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Infact i cant get it working, syntax error

    $query="INSERT INTO data VALUES ('',"'.mysql_real_escape_string($affid).'","'.mysql_real_escape_string($p).'","'.mysql_real_escape_string($title).'","'.mysql_real_escape_string($first).'","'.mysql_real_escape_string($last).'","'.mysql_real_escape_string($email).'","'.mysql_real_escape_string($dob).'",'$ip',"'.mysql_real_escape_string($subid).'",'$datenow','$timenow')";
    Any help would be great please.

    Thank you.

  5. #5
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,747
    Mentioned
    64 Post(s)
    Tagged
    0 Thread(s)
    You've got your single and double quotes mixed up.

    Code:
    $query="INSERT INTO data VALUES ('',"'
    String ends at the red mark... so what does PHP try and do with that single quote?

  6. #6
    Utopia, Inc. silver trophy
    ScallioXTX's Avatar
    Join Date
    Aug 2008
    Location
    The Netherlands
    Posts
    8,897
    Mentioned
    138 Post(s)
    Tagged
    2 Thread(s)
    Try this:
    PHP Code:
    $query=sprintf(
      
    'INSERT INTO data VALUES ("", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s")',
      
    mysql_real_escape_string($affid),
      
    mysql_real_escape_string($p),
      
    mysql_real_escape_string($title),
      
    mysql_real_escape_string($first),
      
    mysql_real_escape_string($last),
      
    mysql_real_escape_string($email),
      
    mysql_real_escape_string($dob),
      
    $ip
      mysql_real_escape_string
    ($subid),
      
    $datenow,
      
    $timenow,
    ); 
    See how much cleaner that is?
    Rémon - Hosting Advisor

    Minimal Bookmarks Tree
    My Google Chrome extension: browsing bookmarks made easy

  7. #7
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,747
    Mentioned
    64 Post(s)
    Tagged
    0 Thread(s)
    incidentally, both datenow and timenow can probably be replaced by MySQL functions.

  8. #8
    SitePoint Addict
    Join Date
    Mar 2011
    Location
    Manchester, UK
    Posts
    226
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Big thank you guys for help me out. Keep up the good work guys

    Stari ion i cant as the server is based in the USA and i need it to log UK times/dates that why i have done that


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •