Would This Work?

Hi Guys,

Would the following code work?


$query = mysql_escape_string("SELECT FirstName, LastName FROM affiliates WHERE AffID ='$affid'");

Thanks for your help guys!

Maybe, but you shouldn’t do it like that, but rather


$query=sprintf('SELECT FirstName, LastName FROM affiliates WHERE AffID="%s"', mysql_real_escape_string($affid));

or you could use concatenation, like


$query='SELECT FirstName, LastName FROM affiliates WHERE AffID="'.mysql_real_escape_string($affid).'"';

:slight_smile:
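Why escaping the whole statement differs from escaping only the value, as an added example that is not part of any post in this thread. `escape_like_mysql()` and `unescaped_quotes()` are hypothetical helpers (the first is a byte-level stand-in for `mysql_real_escape_string()`, which needs a live connection), and the `$affid` value is constructed.

```php
<?php
// Byte-level stand-in (assumption) for mysql_real_escape_string(): it
// backslash-escapes the same characters but ignores the connection charset.
function escape_like_mysql($s) {
    return strtr($s, [
        "\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'"  => "\\'",  '"'  => '\\"', "\x1a" => "\\Z",
    ]);
}

// Count quote characters that are not preceded by an escaping backslash,
// i.e. the ones MySQL will treat as string delimiters.
function unescaped_quotes($sql) {
    $n = 0;
    for ($i = 0, $len = strlen($sql); $i < $len; $i++) {
        if ($sql[$i] === '\\') { $i++; continue; }   // skip the escaped char
        if ($sql[$i] === "'" || $sql[$i] === '"') { $n++; }
    }
    return $n;
}

$affid = 'O\'Brien" OR "1"="1';   // constructed input, not from the thread

$queries = [
    // Whole statement escaped, as in the question: the statement's own
    // quotes are escaped too, so no string literal is left and MySQL
    // rejects the query for every input, harmless or not.
    'whole query escaped' => escape_like_mysql(
        "SELECT FirstName, LastName FROM affiliates WHERE AffID ='$affid'"),
    // Value inserted as-is: its double quote closes the literal early and
    // the remainder is parsed as SQL.
    'value not escaped' => sprintf(
        'SELECT FirstName, LastName FROM affiliates WHERE AffID="%s"', $affid),
    // Value escaped on its own: only the delimiters written in the format
    // string remain, and the input stays inside them as data.
    'value escaped' => sprintf(
        'SELECT FirstName, LastName FROM affiliates WHERE AffID="%s"',
        escape_like_mysql($affid)),
];

foreach ($queries as $label => $sql) {
    printf("%-20s delimiters=%d\n  %s\n", $label, unescaped_quotes($sql), $sql);
}
```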

Thanks ScallioXTX, You’ve been a big help :slight_smile:

In fact I can't get it working, syntax error :frowning:

$query="INSERT INTO data VALUES ('',"'.mysql_real_escape_string($affid).'","'.mysql_real_escape_string($p).'","'.mysql_real_escape_string($title).'","'.mysql_real_escape_string($first).'","'.mysql_real_escape_string($last).'","'.mysql_real_escape_string($email).'","'.mysql_real_escape_string($dob).'",'$ip',"'.mysql_real_escape_string($subid).'",'$datenow','$timenow')";

Any help would be great please.

Thank you.

You’ve got your single and double quotes mixed up.

$query="INSERT INTO data VALUES ('',[COLOR="Red"]"[/COLOR]'

String ends at the red mark… so what does PHP try and do with that single quote?

Try this:


$query=sprintf(
  'INSERT INTO data VALUES ("", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s")',
  mysql_real_escape_string($affid),
  mysql_real_escape_string($p),
  mysql_real_escape_string($title),
  mysql_real_escape_string($first),
  mysql_real_escape_string($last),
  mysql_real_escape_string($email),
  mysql_real_escape_string($dob),
  $ip,
  mysql_real_escape_string($subid),
  $datenow,
  $timenow
);

See how much cleaner that is? :slight_smile:

Incidentally, both datenow and timenow can probably be replaced by MySQL functions.

Big thank you guys for helping me out. Keep up the good work guys :slight_smile:

Stari ion, I can't, as the server is based in the USA and I need it to log UK times/dates, that's why I have done that :slight_smile: