Hi Guys,
Would the following code work?
$query = mysql_escape_string("SELECT FirstName, LastName FROM affiliates WHERE AffID ='$affid'");
Thanks for your help guys!
Maybe, but you shouldn’t do it like that, but rather
$query=sprintf('SELECT FirstName, LastName FROM affiliates WHERE AffID="%s"', mysql_real_escape_string($affid));
or you could use concatenation, like
$query='SELECT FirstName, LastName FROM affiliates WHERE AffID="'.mysql_real_escape_string($affid).'"';
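The difference between the two approaches above, as an added example that is not part of the original thread. It assumes a constructed hostile `$affid`, uses `addslashes()` as a stand-in for `mysql_escape_string()` so the string handling runs without a MySQL server, and ends with a PDO bound parameter against an in-memory SQLite table (a swapped-in technique the thread does not propose; requires the pdo_sqlite extension).

```php
<?php
// Added example; names other than the thread's table and columns are assumptions.

// Hypothetical helper: look up an affiliate with a bound parameter, so the
// value is never spliced into the SQL text at all.
function findAffiliate(PDO $pdo, string $affid): array
{
    $stmt = $pdo->prepare('SELECT FirstName, LastName FROM affiliates WHERE AffID = ?');
    $stmt->execute([$affid]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample input: a value that tries to break out of the string literal.
$affid = "0' OR '1'='1";

// 1. Escaping the whole statement (the question's approach). The quotes that
//    delimit the value are escaped together with the quotes inside the value,
//    so the server receives \' where it expects the start of a literal.
$whole = addslashes("SELECT FirstName, LastName FROM affiliates WHERE AffID ='$affid'");
echo "whole query escaped:\n  $whole\n";

// 2. Escaping only the value (the reply's approach). The delimiters stay intact
//    and only the quotes that came from the input are neutralised.
$valueOnly = sprintf(
    'SELECT FirstName, LastName FROM affiliates WHERE AffID="%s"',
    addslashes($affid)
);
echo "value escaped:\n  $valueOnly\n";

// 3. Bound parameter: constructed two-row table in an in-memory database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE affiliates (AffID TEXT, FirstName TEXT, LastName TEXT)');
$pdo->exec("INSERT INTO affiliates VALUES ('42', 'Ann', 'Lee'), ('43', 'Bob', 'Ray')");

// A legitimate id and the hostile value go through the same code path; the
// hostile value is compared as plain data instead of being parsed as SQL.
printf("rows for '42': %d\n", count(findAffiliate($pdo, '42')));
printf("rows for hostile input: %d\n", count(findAffiliate($pdo, $affid)));
```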
Thanks ScallioXTX, you’ve been a big help.
In fact I can't get it working, syntax error
$query="INSERT INTO data VALUES ('',"'.mysql_real_escape_string($affid).'","'.mysql_real_escape_string($p).'","'.mysql_real_escape_string($title).'","'.mysql_real_escape_string($first).'","'.mysql_real_escape_string($last).'","'.mysql_real_escape_string($email).'","'.mysql_real_escape_string($dob).'",'$ip',"'.mysql_real_escape_string($subid).'",'$datenow','$timenow')";
Any help would be great please.
Thank you.
You’ve got your single and double quotes mixed up.
$query="INSERT INTO data VALUES ('',[COLOR="Red"]"[/COLOR]'
String ends at the red mark… so what does PHP try and do with that single quote?
Try this:
// One %s placeholder per column value, in the same order as the arguments below.
$query = sprintf(
    'INSERT INTO data VALUES ("", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s")',
    mysql_real_escape_string($affid),
    mysql_real_escape_string($p),
    mysql_real_escape_string($title),
    mysql_real_escape_string($first),
    mysql_real_escape_string($last),
    mysql_real_escape_string($email),
    mysql_real_escape_string($dob),
    $ip,
    mysql_real_escape_string($subid),
    $datenow,
    $timenow
);
See how much cleaner that is?
Incidentally, both datenow and timenow can probably be replaced by MySQL functions.
Big thank you guys for helping me out. Keep up the good work guys
Stari ion I can't, as the server is based in the USA and I need it to log UK times/dates, that's why I have done that