Home/ Questions/Q 6891927
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T06:28:16+00:00

I am borrowing this code that was entering strings (user, message) into shoutbox table

  • 0

I am borrowing this code that was entering strings (user, message) into shoutbox table as strings in the database

function insertMessage($user, $message){
    $query = sprintf("INSERT INTO shoutbox(user, message) VALUES('%s', '%s');",
        mysql_real_escape_string(strip_tags($user)),
        mysql_real_escape_string(strip_tags($message))
    );

However, I am changing the data and actually inserting several different datatypes, (i.e. in the database they will be “strings” and “tinyint”). Function insertMessage is now going to be called with these many different _POST values

   echo insertMessage(
       $_POST['drafting'], 
       $_POST['advocacy'], 
       $_POST['interview'],
       $_POST['letter'],
       $_POST['solicitor'],
       $_POST['barrister'],
       $_POST['instructor'],
       $_POST['secret']
   );

–drafting, advocacy, interview, letter, solicitor, barrister are going into the database as “tinyint” and need intval called on them to make them integers

–instructor and secret are both going into the database as “strings”

My questions are

a) how to mix the tinyint data (and call intval on it) with the strings while escaping the strings

b) is there a way to do this without building a mega long insert statement

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You don’t have to call intval() on the values, mysql_real_escape_string() will work on numbers too (make sure you continue to quote them).

    • 0