Hey guys,

 

Sometimes, I have no idea why just enclosing your variables in your query with the mysql_real_escape_string function doesn’t do the trick. For example, this didn’t work for me!

mysql_query(“INSERT INTO `users` VALUES(”,'”.mysql_real_escape_string($username).”‘,'”.$email.”‘,'”.$password.”‘)”);

 

I tryied and I tryied like a deaf rooster and suddenly it hit me! And I didn’t mean the kitchen door, which I admit was quite scary, but I got the idea!

Here is what I did, I just put the  mysql_real_escape_string function when I was declaring the variable just in front of the $_POST[] assosiative array and it worked! Here is the code.

 

<?php
require(‘mysql.php’);
if(isset($_POST[‘username’]) and isset($_POST[’email’]) and isset($_POST[‘password’])){
if(!empty($_POST[‘username’]) and !empty($_POST[’email’]) and !empty($_POST[‘password’])){;

$username = mysql_real_escape_string($_POST[‘username’]);
$email = $_POST[’email’];
$password = $_POST[‘password’];
echo $username.'<br />’;
echo $email.'<br />’;
echo $password.'<br />’;

mysql_query(“INSERT INTO `users` VALUES(”,'”.mysql_real_escape_string($username).”‘,'”.$email.”‘,'”.$password.”‘)”);

}
}

 

 

 
?>

 

Of course, I will also put the same function in my other varriables in this code because otherwise it would be a complete waste of time, but I just thought of sharing it with you guys so if you get stuck with the, you know what to do.

 

Hugs

Stef