mysql_real_escape_string as a variable

system · June 21, 2011, 3:57pm

All,

New to this coding thing and trying to make my why through it. I’m using a .php page and trying to insert the mysql_real_escape_string into a sprintf call. Here is the relevant (i think) portion of my page. How do i treat the mysql_real_escape_string as a variable? I keep getting this error “Warning: sprintf() [function.sprintf]: Too few arguments in /home/anacosti/public_html/maps/anacostia_xml_domnew.php on line 44 Invalid query: Query was empty” Thanks,

[php]

if ($_GET[“Juris”]==’’) {;}
ELSE {$wherestate = “WHERE Juris = ‘%s’”;}

$variablenew = ‘mysql_real_escape_string($center_lat),
mysql_real_escape_string($center_lng),
mysql_real_escape_string($center_lat),
mysql_real_escape_string($Juris),
mysql_real_escape_string($radius)’;

$query = sprintf(“SELECT Juris, Cost, lat, lng, ( 3959 *
acos( cos( radians(’%s’) ) * cos( radians( lat ) ) *
cos( radians( lng ) - radians(’%s’) ) + sin( radians(’%s’) ) *
sin( radians( lat ) ) ) ) AS distance FROM ARP_projects $wherestate HAVING distance < ‘%s’ ORDER BY distance LIMIT 0 , 20”,
$variablenew );

[/php]

dude1234 · June 22, 2011, 5:25pm

Anyone have any thoughts on this one? I could use help with a similar issue.

codeguru · June 23, 2011, 3:51am

Not really sure if i got your question right but you may try this:

[php]
$center_lat=mysql_real_escape_string($center_lat);

$center_lng=mysql_real_escape_string($center_lng);

$center_lat=mysql_real_escape_string($center_lat);

$Juris=mysql_real_escape_string($Juris);
$radius=mysql_real_escape_string($radius);

$variablenew=$center_lat . ', ’ . $center_lng . ', ’ . $center_lat . ', ’ . $Juris . ', ’ . $radius;
[/php]

Notice I escaped values first and finally pull those values altogether and assigned it to $variablenew.