I am trying to insert variables into a database, some of which potentially could hold apostrophes.
I know about mysql_real_escape_string so I generate this sql statement:
It dont get any errors, even with this:Code:$sql = ("INSERT INTO $fcbk_id (PredictedAt, HomeTeam, AwayTeam, HomePrediction, AwayPrediction, GameKey) VALUES ('".mysql_real_escape_string($date_now)."', '".mysql_real_escape_string($HomeTeam)."', '".mysql_real_escape_string($AwayTeam)."', '".mysql_real_escape_string($HomeScore)."', '".mysql_real_escape_string($AwayScore)."', '".mysql_real_escape_string($GameKey)."')");
however it still doesnt insert anything after an apostrophe in the fields. I am running this from my localhost. I.e Nottingham is sometimes shortened to Nott'ham, but all that would be entered to the database is NottCode:if (!mysql_query($sql)) { // SQL failed, print error message and abort print mysql_error();exit(); }
Any ideas why?
Reply With Quote