Fredrik Westerlund

Reputation: 133

mysqli_real_escape_string not working properly

I've searched and yet nothing I find seems to work.

My problem is that when using special characters such as ' the input query breaks. Now, I tried using mysqli_real_escape_string on my string, but this returns a blank value. I read that mysqli_real_escape_string should be placed AFTER the database connection, and as far as I know, that is what I have done, yet it returns blank values.

Here's the code:

<?php

session_start();


if (isset($_POST['submit'])) {
    require_once 'connect.php';

    $title = mysqli_real_escape_string($_POST['title']);
    $article = mysqli_real_escape_string($_POST['article']);

    $query = "INSERT INTO Articles
                (Title, content)
                VALUES 
                ('$title', '$article')";

    $result = mysqli_query($connect, $query) or die('could not query database');

    $_SESSION['artcle'] = 1;
    $_SESSION['artcle'] = $title;


    mysqli_close($connect);
    header('Location: CENSORED');
}
?>

Upvotes: 1

Views: 2215

Answers (2)

Sutharshan

Reputation: 21

Or

$title = $connect->real_escape_string($_POST['title']);

Upvotes: 0

John Conde

Reputation: 219924

You forgot your resource parameter:

$title = mysqli_real_escape_string($connect, $_POST['title']);

PHP Manual

Upvotes: 2
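The handler from the question with the connection passed to the escape call, in both the procedural and the object-oriented form shown in the answers. This is an added example, not code from the question or from either answer. It assumes connect.php defines $connect as a mysqli link, as the question's code does; the helper name save_article and the utf8mb4 charset are hypothetical choices.

```php
<?php
// Added example, not code from the question or the answers. Assumes
// connect.php defines $connect (a mysqli link) as in the question;
// save_article() is a hypothetical helper name.
session_start();

// Throw mysqli_sql_exception on failure instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function save_article(mysqli $connect, string $title, string $article): void
{
    // Escaping depends on the connection's character set, which is why
    // the link is a required argument. Set the charset before escaping.
    mysqli_set_charset($connect, 'utf8mb4'); // assumed charset

    // Procedural form: link first, then the string.
    $safeTitle = mysqli_real_escape_string($connect, $title);
    // Object-oriented form: the same call as a method of the link.
    $safeArticle = $connect->real_escape_string($article);

    // Escaped values are only safe inside a quoted SQL string, as here.
    $query = "INSERT INTO Articles (Title, content)
              VALUES ('$safeTitle', '$safeArticle')";
    mysqli_query($connect, $query);
}

if (isset($_POST['submit'])) {
    $title = $_POST['title'] ?? null;
    $article = $_POST['article'] ?? null;
    if (!is_string($title) || !is_string($article)) {
        http_response_code(400); // missing field or array-valued input
        exit('bad request');
    }

    try {
        require_once 'connect.php';
        save_article($connect, $title, $article);
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage()); // keep SQL errors out of the response
        http_response_code(500);
        exit('could not query database');
    }

    $_SESSION['artcle'] = $title; // session key as spelled in the question
    mysqli_close($connect);
    header('Location: CENSORED'); // target is censored in the question
    exit;
}
```

With only one argument, PHP versions before 8 emit a warning and return NULL from mysqli_real_escape_string, which is the blank value described in the question; PHP 8 throws an ArgumentCountError instead.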
