m3rajk — Mon, 26 Jan 2004 04:24:16 +0000

that's actually what clean does. =o)

<?php
function clean($userInput){ # preps for db entry by \"cleaning\" html
  $a=addslashes(htmlentities(trim(stripslashes(rawurldecode($userInput))), ENT_QUOTES));
  return $a;
}
?>

tha t has al the ' and " get converted to the html entities and then incase there's anything else, it gets a \, so i probalby do overkill, but it's definitely covered

and it hasn't failed since i put in the debug statement.. i still have no clue why

antoshka — Fri, 23 Jan 2004 05:37:43 +0000

i am not sure what the function 'clean' does, but you might need to escape values before putting them into a query. like this:

$bq1=mysql_escape_string(clean($_POST['bq1']));
$bq2=mysql_escape_string(clean($_POST['bq2']));

etc...

if a user enters ' mark somewhere, your query will break. SQL will treat it as the end of the current value (since u use ' marks to denote text in the query).

druagord — Thu, 22 Jan 2004 22:01:01 +0000

try it like this and see what is the error whe it doesn't work

<?php
 # connect to db and add bio and interest table entries
  $db=mysql_connect($host, $login1, $pass1) or die(\"cannot access mysql\"); # connect
  $fyd=mysql_select_db($dbname, $db) or die(\"cannot access db\"); # select the db
  $addbio=mysql_query(\"INSERT INTO bio (uid, bq1, bq2, bq3, bq4, auth, bio) VALUES
('$uid', '$bq1', '$bq2', '$bq3', '$bq4', '$auth', '$bio')\", $db);
# insert bio info into bio table
  $SQL = \"INSERT INTO interests ($iiif) VALUES ($iiiv)\"
  if(!$addinterests=mysql_query($SQL, $db))
  {
        echo mysql_error().\"<br \>\".$SQL;
  }
# insert interests into interests table
}
?>

like this you should be able to view the query whe it fails and see if you have a logic error in building $iiif and $iiiv