music_lp90 Posted April 23, 2010

Hi all,

I cannot figure out what I am doing wrong here. This is something I've done a number of times before, but for some reason the "signature" that's getting inserted into the db is not getting escaped. If I echo it out, it is escaped, but not in the database.

Here's the code:

    if (isset($_GET['signature'])) {
        $signature = $_GET['signature'];
        if ($signature != '') {
            // Cast to int so the id cannot change the SQL statements below
            $id = (int) $_GET['id'];
            $ip = $_SERVER['REMOTE_ADDR'];
            $date = date('m-d-Y H:i:s');
            $date2 = date('Y-m-d H:i:s');

            // Stripslashes: undo magic quotes so the value is escaped only once
            if (get_magic_quotes_gpc()) {
                $signature = stripslashes($signature);
            }
            $signature = mysql_real_escape_string($signature);
            //echo "<p>Signed: " . $signature ."</p>";

            // Insert Signature into DB
            $sql_add_sig = "INSERT INTO `build_list_signature` (`userid`, `signed`, `date`) VALUES ('$id','$signature','$date2')";
            mysql_query($sql_add_sig);

            // Send email for records
            // Defaults in case no user row matches the id
            $name = '';
            $email = '';
            $sql_get_user = "SELECT * FROM `jos_users` WHERE `id` = '$id'";
            $data = mysql_query($sql_get_user);
            while ($results = mysql_fetch_array($data)) {
                $name = $results['name'];
                $email = $results['email'];
            }
            $msg = $name."\n".$email."\n\nI acknowledge and understand I can not hold ### responsible in any way for the work the builder I hire does.\n\n";
            $msg .= "Signed: ".$signature."\n".$date."\n\nIP: ".$ip;
            $subj = $name . '\'s Builder List Signature';
            if (get_magic_quotes_gpc()) {
                $subj = stripslashes($subj);
                $msg = stripslashes($msg);
            }
            mail('###@###.com', $subj, $msg);

            // Return Success
            echo '1';
        } else {
            echo "<p style=\"color:#ff0000;\">You must sign.</p>";
        }
    } else {
        echo "<p style=\"color:#ff0000;\">You must sign.</p>";
    }

Thanks for your help!

justsomeguy Posted April 23, 2010

What do you mean it's not escaped in the database? Does the text get inserted into the database correctly?

music_lp90 Posted April 23, 2010 (Author)

> What do you mean it's not escaped in the database? Does the text get inserted into the database correctly?

Woops... I was thinking it should show up in the DB like John\'s
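
An added example, not part of the original thread or the poster's code: it shows that escaping exists only in the SQL statement text, so the stored value is the original string, and that a stored backslash is a sign of double escaping. It assumes PHP with the pdo_sqlite extension and uses an in-memory SQLite database in place of MySQL so it runs offline (SQLite escapes a quote by doubling it, where MySQL uses a backslash); the `how` column and the sample values are constructed.

```php
<?php
// Added example: in-memory SQLite via PDO stands in for the thread's MySQL table.
// Table and `signed`/`userid` columns follow the thread; `how` is hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE build_list_signature (userid INTEGER, signed TEXT, how TEXT)');

$signature = "John's";   // constructed sample input
$userid    = 42;         // constructed sample id

// 1. Escape, then embed in the SQL text (the approach in the thread's code).
//    The escaping lives only in the statement; the parser removes it again.
$literal = $pdo->quote($signature);
$pdo->exec("INSERT INTO build_list_signature VALUES ($userid, $literal, 'escaped literal')");

// 2. Bound parameter: the value never becomes part of the SQL text,
//    so no escaping step is needed at all.
$stmt = $pdo->prepare('INSERT INTO build_list_signature VALUES (?, ?, ?)');
$stmt->execute([$userid, $signature, 'bound parameter']);

// 3. Defect to watch for: a value that is escaped and then bound (or escaped
//    twice, e.g. magic quotes plus an escape call) stores the backslash as data.
$stmt->execute([$userid, addslashes($signature), 'escaped twice']);

echo "SQL literal sent in case 1: $literal\n";
$rows = $pdo->query('SELECT signed, how FROM build_list_signature ORDER BY rowid');
foreach ($rows as $row) {
    $verdict = ($row['signed'] === $signature) ? 'matches input' : 'CORRUPTED';
    printf("%-16s stored as %-8s %s\n", $row['how'], $row['signed'], $verdict);
}
```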
Archived
This topic is now archived and is closed to further replies.