Home/ Questions/Q 9190423
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T20:27:27+00:00

if($_SESSION[‘s_logged_n’] == ‘true’){ $server = $panel->real_escape_string($_GET[‘ip’]); $dn = $panel->real_escape_string($_GET[‘newname’]); $query = $panel->query( UPDATE `Registered`

  • 0
if($_SESSION['s_logged_n'] == 'true'){
    $server = $panel->real_escape_string($_GET['ip']);
    $dn = $panel->real_escape_string($_GET['newname']);
    $query = $panel->query(
        "UPDATE `Registered` SET `displayname` = '$dn' WHERE `owner`='".$_SESSION['s_username']."' AND `server`='$server'"
    );
}

Above is the code that I am using. $panel is a connection to the database, which works. I’ve been banging my head for hours working with this stuff in order to try and escape the quotes.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You are not using mysqli_real_escape_string you are using the method real_escape_string that belongs to the objects $panel now if that is just another name for mysqli_real_escape_string then it is not used to “strip” quotes, it is used to make a legal SQL query. Quotes are not an illegal entity. I would suggest simply str_replace() if you want to specifically target quotations.

    EDIT

    jeroen beat me in the comments :p

    • 0