I wrote a logger function and it inserts "insert and update queries" to database. altough I apply "mysql_real_escape_string" to the sql stament, I cannot insert it to the database. any suggestion please?
A:
i have also problems with this function, then i use the addslashes() function, its not an answer but a solution.
$query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'",
mysql_real_escape_string($user),
mysql_real_escape_string($password));
Fincha
2010-08-02 08:02:32
I cannot really get what your answer is about. You mention problems with `mysql_real_escape_string()` you don't give any clue about, you mention `addslashes()` as escape function for MySQL, which is not, and you finally post what appears to be perfectly valid PHP code. Are you suggesting to use it or to avoid it?
Álvaro G. Vicario
2010-08-02 08:24:11
A:
INSERT INTO kayit (ip, user_id, query) VALUES ('127.0.0.1', 1 UPDATE faal_ekonkod SET bedel = 12000 WHERE id = 1)
In SQL, strings must be quoted. You are also missing a comma. Try this:
INSERT INTO kayit (ip, user_id, query) VALUES ('127.0.0.1', 1, 'UPDATE faal_ekonkod SET bedel = 12000 WHERE id = 1')
Álvaro G. Vicario
2010-08-02 12:27:06