No, still no idea :) 
I did read the manual but I can't figure out how to use it in my script.
I'll paste the page below:


<FORM ACTION="<?php echo($PHP_SELF); ?>" METHOD=POST TARGET=_self>
 <table border="1" width="80%" bgcolor="#0D9BA4">
 <tr>
    <td width="29%"><b>AEC Submission Title:</td>
    <td width="81%" align="center"><input type="Text" name="title"
size="50"></td>
  </tr>
  </table>
   <input name="id" type="hidden">
  <input name="date" type="hidden" value="<?php echo
date('%Y,%m,%d');?>">
  <input name="ident" type="hidden" value="<?php echo
$_SERVER[AUTH_USER];?>">
  <input type="Submit" name="submit" value="Submit"
style="background-color:#adc3d6;color:#000000;font-weight: bold">
</FORM>

<form name="count">
<input type="text" size="73" name="count2"
style="background-color:#BBD3E1; font-weight:bold">
</form>
<?
if ($submit)
{
$dbcnx = @mysql_connect("localhost", "root", "password");
mysql_select_db("movements");
$sql = "INSERT INTO aec SET date='$date', title='$title',
ident='$ident', id='$id'";
mysql_query($sql);
}



So, I understand the escape-string bit, but I just son't know where or
in what syntax to use it in the above script.
Cheers
Justin


-----Original Message-----
From: Ramil Sagum [mailto:[EMAIL PROTECTED] 
Sent: Friday, 1 October 2004 11:24 AM
To: [EMAIL PROTECTED]
Subject: Re: [PHP-DB] The variable $_SERVER['AUTH_USER'] gives
domain\\username problem


Thus wrote justin:
> Thanks Ramil,
> 
> I knew it had something to do with the \, but I still can't figure out
> how to get the variable into the database without the extra '\'
> It is entered into the database via a form using the input below:
> 
> <input name="ident" type="hidden" value="<?php echo
> $_SERVER[AUTH_USER];?>">
> 
> Where would I use the mysql_real_escape_string ?

>From the manual:

"This function will escape special characters in the unescaped_string,
taking into account the current character set of the connection so
that it is safe to place it in a mysql_query(). "

an example from the manual:

$query = sprintf("SELECT * FROM users WHERE user='%s' AND
password='%s'",
           mysql_real_escape_string($user),
           mysql_real_escape_string($password));
mysql_query($query);


I hope this is enough :)


----

ramil

http://ramil.sagum.net

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to