Yes, I may have mixed up the input and output from different iterations of
running it. Let me try posting this again although it may not be an issue.
Once again if I enter two sequential apostrophes in the name (O''Brien)
the INSERT passes right through to MySQL without an error.
THE INPUT:
$sql_insert_registration = sprintf("INSERT INTO
Registrations (
Class_ID,
prid,
Registrant,
Company,
Phone,
Email
)
VALUES (
$_POST[Class_ID],
$_POST[prid],
'%s',".
parseNull($_POST['Company']).",
'$_POST[Phone]',
'$_POST[Email]'
)", mysql_real_escape_string($_POST['Registrant']));
echo "<pre>$_POST['Registrant".$_POST["Registrant"]."</pre>";
echo "<pre>".mysql_real_escape_string($_POST["Registrant"])."</pre>";
echo "<pre>".$sql_insert_registration."</pre>";
THE OUTPUT:
Brian O'Brien
Brian O\'Brien
INSERT INTO
Registrations (
Class_ID,
prid,
Registrant,
Company,
Phone,
Email
)
VALUES (
355,
257,
'Brian O\'Brien',NULL,
'612-456-5678',
'[email protected]'
)
Error: You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use near
'Brien', 'Class registration confirmation', ' This email ' at line 16
Paul S. Johnson
U.S. Bankruptcy Court
District of Minnesota
[email protected]
612-664-5276
