mysql_real_escape_string() is a function that returns the post-processed value.
So you can either do it like this:
$safe_value = mysql_real_escape_string($unsafe_value);
then use $safe_value in your query, or put the function right into your query:
$myQY = "INSERT INTO sometable (value) values ('" .
mysql_real_escape_string($unsafe_value) . "';";
Hope that helps (did I get this message in before the 400 other people
responded? hah)
-TG
= = = Original message = = =
OK this should be really obvious but I just can't figure it out. I have
a script that opens a file, reads it line by line and inserts the
contents into a database. I know I need to use mysql_real_escape_string
to properly escape the contents but I don't know where exactly to place
it in the script.
Any pointers, liks, guidance etc gratefully received!
Alan
*CODE:*
//Input check file
$filename="input/w2wcheck.txt";
echo "<h2>$filename</h2>";
# Open file
$fptr = fopen($filename, "r");
# Check if file is open
if($fptr)
$current_line = fgets($fptr,4096);
$retval = TRUE;
echo "open";
while($current_line && $retval)
list(
$UNIQUEID ,
$ASSETID ,
$CNF
) = explode(",",$current_line);
$query = "insert into invw2wcheck (
UNIQUEID ,
ASSETID ,
CNF
)
values
(
'$UNIQUEID',
'$ASSETID ',
'$CNF'
)";
$result = mysql_query($query);
if(!$result)
echo "<h1>Processing halted due to Error No:";
echo mysql_errno().": ";
echo mysql_error()."<BR>";
echo "</h1>";
$retval = FALSE;
die;
elseif(mysql_affected_rows() == 0)
$retval = FALSE;
die;
$current_line = fgets($fptr,4096);
fclose($fptr);
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
___________________________________________________________
Sent by ePrompter, the premier email notification software.
Free download at http://www.ePrompter.com.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
