I added the mysql_real_escape_string function to my form. The form sends to the database just fine, but when I test the escape it doesn't seem to be working. For example, when I fill out a form field with the ' character it gives me this error: error uploading content: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''')' at line 1
Here is my function PHP file:
[php]<?php
//connect to database
function connect(){
    $link=mysql_connect(DB_HOST, DB_USER, DB_PASS);
    if(!$link){
        die('Could not connect: ' . mysql_error());
    }
    $db_select=mysql_select_db(DB_NAME, $link);
    if(!$db_select){
        die('Could not connect: ' . mysql_error());
    }
}
//mysql_real_escape_string
function make_safe($value)
{
    // Stripslashes
    if (get_magic_quotes_gpc())
    {
        $value = stripslashes($value);
    }
    // Quote if not a number
    if (!is_numeric($value))
    {
        $value = "'" . mysql_real_escape_string($value) . "'";
    }
    return $value;
}
?>[/php]
Here is the form:
[php]
Product
2ply Qty:
3ply Qty:
Date
Date: Year 2012 2013/ Month 01-Jan 02-Feb 03-Mar 04-Apr 05-May 06-Jun 07-Jul 08-Aug 09-Sept 10-Oct 11-Nov 12-Dec/ Day 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Comments
[/php]
And here is the process:
[php]<?php
require_once('functions.php');
require_once('config.php');
connect();
$date = implode('-', $_POST['date']);
$value= make_safe($_POST['twoply']);
$value_1= make_safe($_POST['threeply']);
$value_2= $date;
$value_3= make_safe($_POST['comments']);
$sql="INSERT INTO production (twoply, threeply, date, comments) VALUES ('$value', '$value_1', '$value_2', '$value_3')";
if (!mysql_query($sql)) {
    die('error uploading content: ' . mysql_error());
}
mysql_close();
?>[/php]
Any ideas?
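An added example, not part of the original post: it prints the statement text produced when a value that `make_safe()` has already wrapped in quotes is placed inside `'$value'` again, then runs the same insert with bound parameters. `make_safe_demo()`, `build_insert()`, the `addslashes()` stand-in, the SQLite in-memory database (needs the `pdo_sqlite` extension) and the sample values are assumptions made for this example.

```php
<?php
// Added example, not the poster's code. make_safe_demo() mirrors the shape of
// make_safe() above; addslashes() is only a stand-in for
// mysql_real_escape_string() (removed in PHP 7) so the string can be shown
// without a MySQL connection.
function make_safe_demo(string $value): string
{
    if (!is_numeric($value)) {
        $value = "'" . addslashes($value) . "'";   // helper adds its own quotes
    }
    return $value;
}

// Same template shape as the INSERT in the post: the value is quoted again.
function build_insert(string $comments): string
{
    $v = make_safe_demo($comments);
    return "INSERT INTO production (comments) VALUES ('$v')";
}

// Constructed inputs: a lone quote, and ordinary text containing one.
foreach (["'", "it's fine"] as $input) {
    echo build_insert($input), PHP_EOL;
}
// Each printed statement carries two layers of quoting around the value, so
// the literal no longer parses as a single string.

// Bound parameters keep the data out of the SQL text entirely, so no manual
// quoting or escaping is involved. SQLite in memory keeps this runnable
// offline; for MySQL the DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE production (twoply INTEGER, threeply INTEGER, date TEXT, comments TEXT)');

$stmt = $pdo->prepare(
    'INSERT INTO production (twoply, threeply, date, comments)
     VALUES (:twoply, :threeply, :date, :comments)'
);
$stmt->execute([
    ':twoply'   => 12,             // constructed sample values
    ':threeply' => 7,
    ':date'     => '2012-01-15',
    ':comments' => "it's fine",
]);

$row = $pdo->query('SELECT comments FROM production')->fetch(PDO::FETCH_ASSOC);
echo $row['comments'], PHP_EOL;    // stored text, quote intact
```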