SitePoint Sponsor

User Tag List

Results 1 to 8 of 8

Thread: Would This Work?

  1. Aug 16, 2011 04:20 #1
    AdWarm
    AdWarm is offline
    SitePoint Addict
    Join Date
    Mar 2011
    Location
    Manchester, UK
    Posts
    217
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Would This Work?

    Hi Guys,

    Would the following code work?

    PHP Code:
    $query mysql_escape_string("SELECT FirstName, LastName FROM affiliates WHERE AffID ='$affid'"); 
    Thanks for your help guys!
    Reply With Quote Reply With Quote
  2. Aug 16, 2011 04:26 #2
    ScallioXTX
    ScallioXTX is offline
    Do. Or do not. There is no try silver trophy
     SitePoint Award Recipient ScallioXTX's Avatar
    Join Date
    Aug 2008
    Location
    The Netherlands
    Posts
    8,344
    Mentioned
    87 Post(s)
    Tagged
    2 Thread(s)
    Maybe, but you shouldn't do it like that, but rather

    PHP Code:
    $query=sprintf('SELECT FirstName, LastName FROM affiliates WHERE AffID="%s"'mysql_real_escape_string($affid)); 
    or you could use concatenation, like


    PHP Code:
    $query='SELECT FirstName, LastName FROM affiliates WHERE AffID="'.mysql_real_escape_string($affid).'"'
    Rémon - Hosting Advisor

    Minimal Bookmarks Tree
    My Google Chrome extension: browsing bookmarks made easy
    Reply With Quote Reply With Quote
  3. Aug 16, 2011 06:11 #3
    AdWarm
    AdWarm is offline
    SitePoint Addict
    Join Date
    Mar 2011
    Location
    Manchester, UK
    Posts
    217
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks ScallioXTX, You've been a big help
    Reply With Quote Reply With Quote
  4. Aug 16, 2011 06:38 #4
    AdWarm
    AdWarm is offline
    SitePoint Addict
    Join Date
    Mar 2011
    Location
    Manchester, UK
    Posts
    217
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Infact i cant get it working, syntax error

    $query="INSERT INTO data VALUES ('',"'.mysql_real_escape_string($affid).'","'.mysql_real_escape_string($p).'","'.mysql_real_escape_string($title).'","'.mysql_real_escape_string($first).'","'.mysql_real_escape_string($last).'","'.mysql_real_escape_string($email).'","'.mysql_real_escape_string($dob).'",'$ip',"'.mysql_real_escape_string($subid).'",'$datenow','$timenow')";
    Any help would be great please.

    Thank you.
    Reply With Quote Reply With Quote
  5. Aug 16, 2011 06:44 #5
    StarLion
    StarLion is offline
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,530
    Mentioned
    31 Post(s)
    Tagged
    0 Thread(s)
    You've got your single and double quotes mixed up.

    Code:
    $query="INSERT INTO data VALUES ('',"'
    String ends at the red mark... so what does PHP try and do with that single quote?
    Reply With Quote Reply With Quote
  6. Aug 16, 2011 06:49 #6
    ScallioXTX
    ScallioXTX is offline
    Do. Or do not. There is no try silver trophy
     SitePoint Award Recipient ScallioXTX's Avatar
    Join Date
    Aug 2008
    Location
    The Netherlands
    Posts
    8,344
    Mentioned
    87 Post(s)
    Tagged
    2 Thread(s)
    Try this:
    PHP Code:
    $query=sprintf(
          'INSERT INTO data VALUES ("", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s")',
          mysql_real_escape_string($affid),
          mysql_real_escape_string($p),
          mysql_real_escape_string($title),
          mysql_real_escape_string($first),
          mysql_real_escape_string($last),
          mysql_real_escape_string($email),
          mysql_real_escape_string($dob),
          $ip
      mysql_real_escape_string    ($subid),
          $datenow,
          $timenow,
    ); 
    See how much cleaner that is?
    Rémon - Hosting Advisor

    Minimal Bookmarks Tree
    My Google Chrome extension: browsing bookmarks made easy
    Reply With Quote Reply With Quote
  7. Aug 16, 2011 06:53 #7
    StarLion
    StarLion is offline
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,530
    Mentioned
    31 Post(s)
    Tagged
    0 Thread(s)
    incidentally, both datenow and timenow can probably be replaced by MySQL functions.
    Reply With Quote Reply With Quote
  8. Aug 16, 2011 07:00 #8
    AdWarm
    AdWarm is offline
    SitePoint Addict
    Join Date
    Mar 2011
    Location
    Manchester, UK
    Posts
    217
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Big thank you guys for help me out. Keep up the good work guys

    Stari ion i cant as the server is based in the USA and i need it to log UK times/dates that why i have done that
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules