Inserting embed code in database PHP issue

Question

hey, I'm trying to insert an embed code in my database, and it's giving me this error

Error adding new data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'movie.php?id=6001', 
            type = 'stream', 
            embed = '<object width=\"500\" he' at line 1

now this is the code i'm using :

            $sql = "INSERT INTO videos SET 
            title = '".mysql_escape_string($title)."', 
            urltitle = '".slug(mysql_escape_string($title))."', 
            description = '',
            category = 'streams', 
            first_img = '".mysql_escape_string($imgurl)."', 
            o_url = 'http://watchnewfilms.com/'".mysql_escape_string($thisUrl)."', 
            type = 'stream', 
            embed = '".mysql_escape_string($embed)."', 
            last_updated = '".date("Y-m-d")."', 
            date_added = '".date("Y-m-d")."'";

anyone see any problems?

Thanks!

Answer 1

You should use mysql_real_escape_string()

and you should apply it on the whole value for full security and better readability.

In your case, you have an extra ' here:

    o_url = 'http://watchnewfilms.com/'".mysql_escape_string($thisUrl)."', 
    ----------------------------------^