Alert
Guest
Basically, I am taking form data, combining fields into one string, and then using that string in an UPDATE query.
Now normally you could use something like addslashes() or, even better, mysql_real_escape_string(). Use that on the values part of the string and bam! It should be done.
However, that doesn't seem to be the case for me. The functions do work and change the string; however, the query seems to just ignore the backslashes, as if they are escaped as well. Not sure why.
This is where I take the data:
$gpdescr[$r] = htmlspecialchars(mysql_real_escape_string($_POST['gpdescr'.$i]), ENT_QUOTES);
Whether switching the order of the functions, using one or the other, or neither of them, it still doesn't work. Using the example above and after some combining, it would return something like this (using echo; ignore the leading comma):
, d2='\'example'
Clearly it seems as though it should escape that single quote, and do the rest of the query. However, it still gives the SQL syntax error. Keep in mind this is not some other structure error, as it works fine if there are no single quotes. And it's quite annoying, as I have escaped characters before with no problem. I don't think it is a character set problem, though I did not look into it if that is a likely answer.
Hopefully someone has an idea of why this could be happening and how to work around this... Thanks in advance.
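Added example, not part of the original post and not the poster's code: the same kind of multi-field UPDATE built with PDO bound parameters, so quotes in the form values never become part of the SQL text and no escaping function is involved. The table name gp, the id column, the sample form values and the in-memory SQLite connection (standing in for MySQL so the script runs offline) are assumptions.

```php
<?php
// Added example. Assumed names: table `gp`, key column `id`; d1..d3 follow
// the d2 column seen in the post. SQLite in memory stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE gp (id INTEGER PRIMARY KEY, d1 TEXT, d2 TEXT, d3 TEXT)');
$pdo->exec('INSERT INTO gp (id) VALUES (1)');

// Constructed stand-in for $_POST, including values with single quotes.
$post = ['gpdescr1' => 'plain', 'gpdescr2' => "'example", 'gpdescr3' => "it's <b>bold</b>"];

// Builds "UPDATE gp SET d1 = :d1, ..." plus the matching parameter array.
function buildUpdate(array $post, int $fields): array
{
    $set = [];
    $params = [];
    for ($i = 1; $i <= $fields; $i++) {
        $key = 'gpdescr' . $i;
        if (!isset($post[$key]) || !is_string($post[$key])) {
            continue; // field missing, or submitted as an array
        }
        // Column name comes from the loop counter, never from user input.
        $set[] = "d$i = :d$i";
        $params[":d$i"] = $post[$key]; // raw value, bound later, not escaped
    }
    if (!$set) {
        return [null, []];
    }
    return ['UPDATE gp SET ' . implode(', ', $set) . ' WHERE id = :id', $params];
}

[$sql, $params] = buildUpdate($post, 3);
if ($sql !== null) {
    $params[':id'] = 1;
    $stmt = $pdo->prepare($sql);   // SQL text contains placeholders only
    $stmt->execute($params);       // values travel separately from the SQL
}

echo $sql, "\n";
$row = $pdo->query('SELECT d1, d2, d3 FROM gp WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
foreach ($row as $col => $value) {
    // HTML-encode when printing into a page, not before storing.
    echo $col, ' = ', htmlspecialchars($value, ENT_QUOTES, 'UTF-8'), "\n";
}
```

With a MySQL server the only change is the PDO DSN and credentials; the stored values keep their quotes unmodified.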