I have a form with a hidden field that looks something like this:
<form id="myform" method="post" action="/myphp.php">
  <div>
    <label for="name">Name</label>
    <input type="text" id="name" name="name" />
  </div>
  <div>
    <input type="hidden" id="id" name="title" value="Bob's Group (test)" />
  </div>
  <div>
    <input type="submit" value="Sign up" class="send_button" />
  </div>
</form>
The hidden value ‘title’ gets its value from a Perch CMS PHP inline script, and in this case it’s “Bob’s Group (test)”.
The PHP script to process this form looks like this:
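<?php
// Get and check input
$title = check_input($_POST['title']);
echo "title: $title<br>";
$name = check_input($_POST['name']);
// Escape the title for use in SQL
$title = mysql_real_escape_string($title);
// Second echo, matching the second line of the output shown below
echo "title: $title<br>";
// Some sql queries that use $title
?>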
The output looks like this:
title: Bob’s Group (test)
title:
In other words, mysql_real_escape_string causes title to become a blank string.
Is there a way to handle this form value and generate a safe sql string to use?
mysql_real_escape_string() is MySQL server-side. It requires an active DB connection. Check whether you have one at the moment of the check.
Just a note, not advice:
mysql_escape_string() is client-side, i.e. it works in PHP even without an active MySQL connection.
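
An added example, not part of the original question or answer: the same form value stored through a PDO prepared statement, so the apostrophe in the title needs no manual escaping and a failed connection raises an exception instead of yielding an empty string. The `signups` table and the in-memory SQLite DSN are assumptions made so the script runs offline; with MySQL only the DSN and credentials change.

```php
<?php
// Added example, not the poster's code. Table and column names are hypothetical.
// An in-memory SQLite database stands in for MySQL so the script runs offline.

function open_db(): PDO
{
    // ERRMODE_EXCEPTION makes a failed connection or query throw
    // instead of returning false and leaving an empty value behind.
    $pdo = new PDO('sqlite::memory:', null, null, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
    $pdo->exec('CREATE TABLE signups (id INTEGER PRIMARY KEY, title TEXT, name TEXT)');
    return $pdo;
}

function save_signup(PDO $pdo, array $post): int
{
    // Validate presence and type; the values are never spliced into the SQL text.
    $title = $post['title'] ?? null;
    $name  = $post['name'] ?? null;
    if (!is_string($title) || !is_string($name) || $title === '' || $name === '') {
        throw new InvalidArgumentException('title and name are required');
    }
    // Placeholders keep data separate from the statement, quotes included.
    $stmt = $pdo->prepare('INSERT INTO signups (title, name) VALUES (:title, :name)');
    $stmt->execute([':title' => $title, ':name' => $name]);
    return (int) $pdo->lastInsertId();
}

// Constructed sample input mirroring the form in the question.
$post = ['title' => "Bob's Group (test)", 'name' => 'Alice'];

$pdo = open_db();
$id  = save_signup($pdo, $post);

// Read the row back to confirm the apostrophe was stored unchanged.
$stmt = $pdo->prepare('SELECT title FROM signups WHERE id = :id');
$stmt->execute([':id' => $id]);
$stored = $stmt->fetchColumn();

// Escape for HTML only at output time, not before storage.
echo 'title: ' . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8') . "<br>\n";
```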