Home/ Questions/Q 7872133
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-03T02:07:07+00:00

I would really appreciate any help I can get with this. I am having

  • 0

I would really appreciate any help I can get with this.

I am having real trouble with a form and I cant seem to get mysql_real_escape_string to work at all.

I am using MySQL 5.5 with PHP and to test it out I have created a simple form
Magic Quotes is not turned on at all.

Using this form:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<form name="event_ad" action="test.php" method="post">
    <table>
    <tr>
        <td>Event Name:</td>
        <td><input name="event_name" type="text" size="90" /></td>
    </tr>
    <tr>
        <td>Start Date:</td>
        <td><input name="start_date" type="text" size="90" /></td>
    </tr>
    <tr>
        <td colspan="2" align="center"><input name="Submit" type="submit" id="Submit" value="Add New Event" /></td>
    </tr>
    </table>
</form>
</body>
</html>

Then the data is input nto the table using test.php

<?php
    mysql_connect("localhost","username","password") or die(mysql_error());
    mysql_select_db("databasename") or die(mysql_error());

    $name = $_POST['event_name'];
    $sdate = $_POST['start_date'];
    $name = mysql_real_escape_string($name);

    $sql = "INSERT INTO tblevents (event_name, event_date) VALUES ('" . $name . "','" . $sdate . "')";

    mysql_query($sql);

    echo "success";
?>

(connection details changed)

When I input the Event Name O’Rielly “Smith” it is inserted into the MySQL table as O’Rielly “Smith”

There is no back slashes, no escaping at all.

I really have scoured the internet trying to work this out but it seems that it works for everyone else.

Am I missunderstanding something fundamental here?
I would thoroughly appreciate if someone could steer me in the right direction.

This is my first post on this forum, and the html and code formating dont seem to be the same as most forums I have visited, and you cant preview so I hope this turns out OK.

Thanx in advance to any who offer help.
Cheers Al.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    When I input the Event Name O’Rielly “Smith” it is inserted into the MySQL table as O’Rielly “Smith”

    That is what is supposed to happen.

    Escaping makes the data pass through the query so that the original data ends up in the database. The purpose is not to add extra characters to your stored data, it is to stop characters with special meaning from breaking your SQL.

    • 0