Portfolio and mysqli_real_escape_string

Posted by 77929284 
May 20, 2013 10:37AM
Hi there,
Has anyone used mysqli_real_escape_string for SQL statements? I just thought I should look into this for increased security, but whenever I try to use it as I understand it to be used from the PHP manual, no data gets inserted in the database.
With this I can insert data in the database:
Language: PHP
$sql = "INSERT INTO course VALUES (LAST_INSERT_ID(), '$cname')";
$result = mysqli_query($link, $sql);
But if I change it to this it no longer works, am I missing something?
Language: PHP
$sql = "INSERT INTO course VALUES (LAST_INSERT_ID(), '$cname')";
$sql = mysqli_real_escape_string($link, $sql);
$result = mysqli_query($link, $sql);
Thanks!
Mac
Re: Portfolio and mysqli_real_escape_string
May 20, 2013 04:04PM
I am not familiar with this issue - best you can do is Google. My gut feel is to get rid of LAST_INSERT_ID() by assigning it to a variable, then insert.
Re: Portfolio and mysqli_real_escape_string
May 20, 2013 04:31PM
mysql_real_escape_string works like this:
Language: PHP
$first_name = mysql_real_escape_string($_POST['fname']);

// similar to

$first_name = htmlspecialchars($_POST['fname']);
$first_name = htmlentities($_POST['fname']);
Re: Portfolio and mysqli_real_escape_string
May 21, 2013 03:09AM
Thanks! Was wondering if that was the issue, just couldn't figure out how mysqli_real_escape_string worked. So I understand that htmlspecialchars and mysqli_real_escape_string do pretty much the same thing.
Mac
Re: Portfolio and mysqli_real_escape_string
May 22, 2013 07:59AM
mysqli_real_escape_string or mysql_real_escape_string?

Language: PHP
string mysqli_real_escape_string ( mysqli $link , string $escapestr )
// you used the sql query as the $escapestr - it should be the $var you want to insert
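
The point made in the post above, as an added example that is not part of the original thread: escaping the whole statement breaks it, escaping only the value (or binding it in a prepared statement) works, and htmlspecialchars() belongs to HTML output rather than SQL. It assumes the connection settings quoted in this thread, a two-column `course` table matching the thread's INSERT, and a constructed sample value.

```php
<?php
// Added example, not code from the thread. Assumes the connection settings
// quoted in the thread and a two-column `course` table (id, name).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors
$link = mysqli_connect("localhost", "my_user", "my_password", "registration");
mysqli_set_charset($link, "utf8mb4"); // escaping depends on the connection charset

$cname = "Databases' II <b>"; // constructed sample input with a quote and markup

// 1. Escaping the whole statement also escapes the quotes that delimit the
//    string literal, so the server receives \'...\' and rejects the query.
$sql = "INSERT INTO course VALUES (LAST_INSERT_ID(), '$cname')";
$broken = mysqli_real_escape_string($link, $sql);
try {
    mysqli_query($link, $broken);
} catch (mysqli_sql_exception $e) {
    echo "whole-statement escape fails: ", $e->getMessage(), "\n";
}

// 2. Escape only the value, then place it between the quotes. Printed here
//    rather than executed, so the escaped form of the value is visible.
$safe = mysqli_real_escape_string($link, $cname);
echo "INSERT INTO course VALUES (LAST_INSERT_ID(), '$safe')", "\n";

// 3. Prepared statement: the value is sent separately from the SQL text,
//    so no escaping is needed at all.
$stmt = mysqli_prepare($link, "INSERT INTO course VALUES (LAST_INSERT_ID(), ?)");
mysqli_stmt_bind_param($stmt, "s", $cname);
mysqli_stmt_execute($stmt);

// 4. htmlspecialchars() is for HTML output, not SQL: it turns < > & and
//    quotes into entities for the browser. Store the raw value and encode
//    it only when writing it into a page.
$result = mysqli_query($link, "SELECT * FROM course");
while ($row = mysqli_fetch_row($result)) {
    echo htmlspecialchars($row[1], ENT_QUOTES, "UTF-8"), "\n";
}
```
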
Re: Portfolio and mysqli_real_escape_string
May 22, 2013 08:10AM
ow my bad, he was asking about mysqli_real_escape_string not mysql_real_escape_string.

in that case... what is $link? where did you declare $link?

is it something like:

Language: PHP
$link = mysqli_connect("localhost", "my_user", "my_password", "registration");
Re: Portfolio and mysqli_real_escape_string
May 22, 2013 09:25AM
Hiya,
Yes, I declared $link like that in my config file.
Thanks for looking into it!
Re: Portfolio and mysqli_real_escape_string
May 22, 2013 09:35AM
just when I thought I had my head almost wrapped around some stuff - they go and add more!

Glen
Re: Portfolio and mysqli_real_escape_string
May 22, 2013 10:07AM
LOL Glen, you will be fine. we learn everyday.

amongst other things I learned this (see code below). basically I wanted to use 1 function but after processing redirect to different pages, depending on which page called the function.

Language: PHP
$page = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_PATH);
$page = basename($page);

....

if ($page == 'student_info.php') {
    echo "<a href=\"list.php\"><b>redirect to list.php</b></a></p>";
} else {
    echo "<a href=\"student_man.php\"><b>redirect to student man</b></a></p>";
}
Re: Portfolio and mysqli_real_escape_string
May 22, 2013 11:53AM
Ooooo!!!! Nice.

I am just finding PHP so incredibly powerful.

Glen