-2

I want to store some download counts with the name of the download file in a database. This is working fine:

$filename = $_GET['file'];
// in combination with
mysqli_query($link, "INSERT INTO download_manager (filename,downloads) 
                         VALUES ('$filename',1) ON DUPLICATE KEY UPDATE downloads = downloads+ 1;");

Now I want to escape the $_GET with mysqli_real_escape_string.

When I do it like this, the script is not working anymore:

$filename = mysqli_real_escape_string($_GET['file']);
// in combination with
mysqli_query($link, "INSERT INTO download_manager (filename,downloads) 
                         VALUES ('$filename',1) ON DUPLICATE KEY UPDATE downloads = downloads+ 1;");

How can I use mysqli_real_escape_string in this example the right way?

Dharman
nuet maessen

1 Answer

0

From the PHP documentation for mysqli_real_escape_string, procedural style:

string mysqli_real_escape_string ( mysqli $link , string $escapestr )

So your code should be:

$filename = mysqli_real_escape_string($link,$_GET['file']);
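An added example, not part of the answer above: the same counter written with a mysqli prepared statement, so the file name is bound as a parameter and never becomes part of the SQL text. The table and column names come from the question; the connection details, the 255-byte length limit and the `record_download` function name are assumptions.

```php
<?php
// Added example. Connection details below are placeholders (assumptions).
// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Insert the file with a count of 1, or increment the existing count.
 * Hypothetical helper name; relies on a unique key on `filename`,
 * as the ON DUPLICATE KEY clause in the question already does.
 */
function record_download(mysqli $link, string $filename): void
{
    // The ? placeholder keeps the value out of the SQL string entirely,
    // so no quoting or escaping of $filename is needed.
    $stmt = mysqli_prepare(
        $link,
        "INSERT INTO download_manager (filename, downloads)
         VALUES (?, 1)
         ON DUPLICATE KEY UPDATE downloads = downloads + 1"
    );
    mysqli_stmt_bind_param($stmt, 's', $filename); // 's' = bind as string
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}

// Placeholder credentials (assumptions, not from the page).
$link = mysqli_connect('localhost', 'db_user', 'db_password', 'db_name');
mysqli_set_charset($link, 'utf8mb4');

// $_GET['file'] can be missing, or an array when sent as ?file[]=x,
// so check the type before using it as a string.
$file = $_GET['file'] ?? '';
if (!is_string($file) || $file === '' || strlen($file) > 255) {
    // 255 is an assumed column length for `filename`.
    http_response_code(400);
    exit('Invalid file parameter');
}

record_download($link, $file);
```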