Code Forums - View Single Post

sde · 01-16-2007, 03:42 PM

first i'd advise that you not use htmlspecialchars on inserting data. instead, use it after extracting the data and before you print it to the screen.

as to your problem, what does the query look like when you echo $query;

you should probalby use mysql_real_escape_string() to escape your input as well.

PHP Code:


			
$sql = "INSERT INTO table (text) VALUES ('".mysql_real_escape_string($articleText)."')";

// print the query to the screen so you can make sure it looks good
echo $sql;

// execute it
mysql_query($sql);

01-16-2007, 03:42 PM	#2 (permalink)
sde Moderator Join Date: May 2002 Location: us.ca Posts: 4,529	first i'd advise that you not use htmlspecialchars on inserting data. instead, use it after extracting the data and before you print it to the screen. as to your problem, what does the query look like when you echo $query; you should probalby use mysql_real_escape_string() to escape your input as well. PHP Code: `$sql = "INSERT INTO table (text) VALUES ('".mysql_real_escape_string($articleText)."')"; // print the query to the screen so you can make sure it looks good echo $sql; // execute it mysql_query($sql);` __________________ Mike