Home/ Questions/Q 8951289
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-15T13:37:44+00:00

Solved previous part of problem, still need to understand why this isn’t working though

  • 0

Solved previous part of problem, still need to understand why this isn’t working though 🙂

Reverting back to escaping the strings separately, I have this.

    mysql_query("INSERT INTO users (firstname,surname,email,password,birthday,birthmonth,birthyear,houseno,streetname,town,country,postcode,phonenumber,singer,songwriter,producer,composer,band,instrument,instrument2,extra,confirmcode) VALUES ('".$firstname."','".$surname."','".$email."','".$password."',".$birthday.",".$birthmonth.",".$birthyear.",'".$houseno."','".$streetname."','".$town."','".$country."','".$postcode."',".$phonenumber.",".$singer.",".$songwriter.",".$producer.",".$composer.", ".$band.",'".$instrument."','".$instrument2."','".$extra."','".$rand."')",
    mysql_real_escape_string($surname),
    mysql_real_escape_string($firstname),
    mysql_real_escape_string($stown),
    mysql_real_escape_string($houseno),
    mysql_real_escape_string($streetname),
    mysql_real_escape_string($extra),
    mysql_real_escape_string($email)) or die ('pood'); 
    echo $streetname;

I’m getting the die error – so it doesn’t echo $streetname; (which should be ‘Clark\’s Way’), and doesn’t seem to backslash apostrophe as it’s not being entered into the database.

Apologies if I haven’t done my research to your standards, but I’ve been trying to understand why this isn’t working for hours.

Thanks 🙂

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    mysql_query() doesn’t take multiple arguments like that. You need to escape each variable within the string of the query. Like this:

    ... VALUES ('".mysql_real_escape_string($firstname)."','".mysql_r...

    So, you’d end up with something like this:

    $query = "INSERT INTO users (firstname,surname,email,password,birthday,
birthmonth,birthyear,houseno,streetname,town,country,postcode,
phonenumber,singer,songwriter,producer,composer,band,instrument,
instrument2,extra,confirmcode) VALUES (
'". mysql_real_escape_string($firstname) ."',
'". mysql_real_escape_string($surname) ."',
'". mysql_real_escape_string($email) ."',
'". mysql_real_escape_string($password) ."',
'". mysql_real_escape_string($birthday) ."',
'". mysql_real_escape_string($birthmonth) ."',
'". mysql_real_escape_string($birthyear) ."',
'". mysql_real_escape_string($houseno) ."',
'". mysql_real_escape_string($streetname) ."',
'". mysql_real_escape_string($town) ."',
'". mysql_real_escape_string($country) ."',
'". mysql_real_escape_string($postcode) ."',
'". mysql_real_escape_string($phonenumber) ."',
'". mysql_real_escape_string($singer) ."',
'". mysql_real_escape_string($songwriter) ."',
'". mysql_real_escape_string($producer) ."',
'". mysql_real_escape_string($composer) ."',
'". mysql_real_escape_string($band) ."',
'". mysql_real_escape_string($instrument) ."',
'". mysql_real_escape_string($instrument2) ."',
'". mysql_real_escape_string($extra) ."',
'". mysql_real_escape_string($rand) ."')";

mysql_query($query) or die (mysql_error());

    Sorry if there’s a typo in there. But I think you get the idea.

    Here’s an (untested) example of how a parameterized query might work, adapted from the examples in the manual:

    $query = "INSERT INTO users (firstname,surname,email,password,birthday,
birthmonth,birthyear,houseno,streetname,town,country,postcode,
phonenumber,singer,songwriter,producer,composer,band,instrument,
instrument2,extra,confirmcode) VALUES (
:firstname, :surname, :email, :password, :birthday, :birthmonth,
:birthyear, :houseno, :streetname, :town, :country, :postcode, :phonenumber,
:singer, :songwriter, :producer, :composer, :band, :instrument, :instrument2,
:extra, :rand)";

// assume $dbh is your PDO database connection
$sth = $dbh->prepare($query);
$sth->bindParam(':firstname', $firstname);
$sth->bindParam(':surname', $surname);
$sth->bindParam(':email', $email);
$sth->bindParam(':password', $password);
$sth->bindParam(':birthday', $birthday);
// and so on...

$sth->execute();
    • 0