Home/ Questions/Q 8253325
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-08T00:50:30+00:00

MYSQL Problem inserting Certain type of Text when i try to insert this for

  • 0

MYSQL Problem inserting Certain type of Text

when i try to insert this for example:

INSERT INTO `Attacks_key` 
  (`Event_Key` ,`Variable` ,`Value` ,`Impact` ,`Tags`)
    VALUES 
  ('111', 'REQUEST', ' mysql_real_escape ', '222', 'xss, csrf, id, rfe, lfi');

its inserted But when I try to insert this :

INSERT INTO `Attacks_key` 
 (`Event_Key` ,`Variable` ,`Value` ,`Impact` ,`Tags`) 
   VALUES 
 ('111', 'REQUEST', 'mysql_real_escape_string($_POST['username']); ', '222', 'xss, csrf, id, rfe, lfi');

MYSQL display this message :

#1064 – You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘username’]); ‘, ‘222’, ‘xss, csrf, id, rfe, lfi’)’ at line 1

and this is my php code 

$user="root";
$password="*";
$database="*";
mysql_connect(localhost,$user,$password);
@mysql_select_db($database) or die( "Unable to select database");
$sql = "SELECT `Key_id` FROM `Event` ORDER BY `Key_id` DESC LIMIT 1";
$result =mysql_query($sql);
$row = mysql_fetch_assoc($result);
$EventKey= $row['Key_id'];
$query="INSERT INTO `PHPLOGS`.`Attacks_key` (`Event_Key` ,`Variable` ,`Value` ,`Impact` ,`Tags`) VALUES ('$EventKey', '$getname', '$getvalue', '$getimpec', '$gettags');";
mysql_query($query);
mysql_close();

and the input ‘mysql_real_escape_string($_POST[‘username’]); from the user

Can someone help

thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If you’re inserting mysql_real_escape_string($_POST['username']); literally, then escape the single quotes.

    INSERT INTO `Attacks_key` 
 (`Event_Key` ,`Variable` ,`Value` ,`Impact` ,`Tags`) 
   VALUES 
 ('111', 'REQUEST', 'mysql_real_escape_string($_POST[\'username\']); ', '222', 'xss, csrf, id, rfe, lfi');
    • 0