Well, then this should definitely work:
include('../includes/functions.php');
// Check for a description.
if (!empty($_POST['descr'])) {
$descr = mysql_real_escape_string($_POST['descr']);
} else {
$descr = FALSE;
echo '<p><font color="red">Please enter a Description.</font></p>';
exit();
}
if ($descr) {
$query = "UPDATE brbox SET descr='$descr' WHERE id = $id";
echo $query; // these are just for displaying the query
exit(); // these will be removed in the final version
mysql_query($query);
Hi Paul,
Again this still doesn’t seem to want to do it.
Could it be my server that doesn’t have the mysql_real_escape_string function installed?
I’ve tried using the method above you posted, but when I echo my query it still keeps the : isn’t , rather than(I assume) isn\'t .
How do I check if the mysql_real_escape_string is installed?
OK, this is odd.
I’ve tried:
<?
$descr = "Just a Test Description. This isn't on the live site just yet. Just for testing.";
echo $descr;
require_once('../includes/mysqlconnect.php');
$descr = escape_data($descr);
echo '<hr />';
echo $descr;
?>
And it escapes it correctly: Just a Test Description. This isn\'t on the live site just yet. Just for testing., but not in my other script 
Can’t think why.
If the function wasn’t available PHP would throw a fatal error. I can’t see any reason why it wouldn’t escape single quotes. Try the simplest test:
echo mysql_real_escape_string("Paul's test");
Please see my most recent post above.
It works, but not on the script I want it too
Can I PM you the entire script decowski ? Many thanks for any further help.
Many thanks, I have PM’d you.