insert.php is behind htaccess/passwd It is grabbing data from an external source and then

Question

0

Editorial Team

Asked: June 13, 20262026-06-13T20:53:08+00:00 2026-06-13T20:53:08+00:00

insert.php is behind htaccess/passwd It is grabbing data from an external source and then

0

insert.php is behind htaccess/passwd

It is grabbing data from an external source and then converting this into variables for insertion to database.

I am getting a mysql error that I believe is being caused by the existence of left and right parentheses ie (some text here) in the external source.

I’ve used mysql_real_escape_string but it doesn’t seem to be working in this case.

$con = mysql_connect("localhost","user_name","password");
if (!$con)
{
    die('Could not connect: ' . mysql_error());
}

mysql_select_db("user_dbname", $con);

// escape characters
$escaped_value = mysql_real_escape_string($var);

$sql = "INSERT INTO data (field1, field2, field3, field4, field5, field6)
        VALUES ('$_POST[field1]','$_POST[field2]','$_POST[field3]','$_POST[field4]',
                '$field5','$escaped_value', )";
;

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-13T20:53:09+00:00

You’ve got a comma after the last data field which is causing the query to fail. Also, you should refer to the $_POST array variables as $_POST['field1'] and not $_POST[field1]

Try

$sql = "INSERT INTO data (field1, field2, field3, field4, field5, field6)
    VALUES ('".$_POST['field1']."','".$_POST['field2']."','".$_POST['field3']."','".$_POST['field4']."',
            '$field5','$escaped_value')";

Effectively, mysql_real_escape_string is the least of your problems. 🙂

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

insert.php is behind htaccess/passwd It is grabbing data from an external source and then

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply