On Jul 10, 2009, at 10:12 PM, Haig Dedeyan <hdede...@videotron.ca>
wrote:
Hi everyone,
I'm starting to experiment with an edit form and I am seeing the
following
behaviour:
$fname = mysql_real_escape_string($fname);
$lname = mysql_real_escape_string($lname);
$sql = "UPDATE phonedir SET fname = '$fname',lname = '$lname' WHERE
id=$id";
$result = mysql_query($sql);
echo mysql_error() . "\n";
This will result in the addition of the slashes.
If I do the following, there are no slashes. Just wondering if I'm
on the
right path with the 1st code set..
$sql = "UPDATE phonedir SET fname =
'".mysql_real_escape_string($fname)."',lname =
'".mysql_real_escape_string($lname)."' WHERE id=$id";
$result = mysql_query($sql);
echo mysql_error() . "\n";
Cheers
Haig
Check that magic_quotes are turned off.
Bastien
Sent from my iPod
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
