
I'm trying to insert the following string into my database: "è", but each time I try, nothing is added to the database. This is the code that I use to insert.

```php
$string = mysql_real_escape_string($_REQUEST['string_passed']);
$query = "UPDATE my_table SET my_field = '$string' WHERE id = '$id'";
```

In my connection.inc.php file I have the following code.

```php
mysql_connect("localhost", "root", "") or die("Problem: ".mysql_error());
mysql_select_db("my_db") or die("Problem: ".mysql_error());
mysql_query('SET NAMES utf8');
```

I know I can insert $string using htmlentities, but is there any other solution?

Moby Dick
  • Also don't use the `mysql_` database extension. It's been deprecated for years and will disappear in PHP7 completely. Instead learn [`mysqli` or `PDO`](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) – RiggsFolly Sep 29 '15 at 15:51
  • [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really not hard](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Sep 29 '15 at 15:53
  • You're creating the query but you're not showing how you are executing it. Please show the relevant code. – Alfabravo Sep 29 '15 at 16:01

1 Answer


`mysql_real_escape_string`: "Escapes special characters in a string for use in an SQL statement." That is what you will see in its manual page. (By the way, it is deprecated in PHP 5.5; use `mysqli::real_escape_string`.)

haseeb
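The prepared-statement approach the comments recommend, combined with declaring the connection charset when connecting, as an added example that is not part of the original thread. The table, column and connection names come from the question; the in-memory SQLite demo and the sample inputs are constructed so the block runs without a MySQL server.

```php
<?php
declare(strict_types=1);

/** Open a MySQL connection whose charset is declared in the DSN. */
function connect_mysql(): PDO
{
    // charset=utf8mb4 in the DSN sets the encoding on the server and in the
    // client library. A 'SET NAMES' query only changes the server side, so
    // client-side escaping functions keep assuming the old charset.
    return new PDO('mysql:host=localhost;dbname=my_db;charset=utf8mb4', 'root', '', [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,   // fail loudly, no silent no-op
        PDO::ATTR_EMULATE_PREPARES => false,           // real server-side prepares
    ]);
}

/** Update one row with bound parameters; returns the affected row count. */
function update_field(PDO $pdo, int $id, string $value): int
{
    // Reject byte sequences that are not valid UTF-8 before they reach the DB.
    if (!mb_check_encoding($value, 'UTF-8')) {
        throw new InvalidArgumentException('value is not valid UTF-8');
    }
    // The value travels separately from the SQL text, so quotes in it are data.
    $stmt = $pdo->prepare('UPDATE my_table SET my_field = :value WHERE id = :id');
    $stmt->bindValue(':value', $value, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Offline demo on in-memory SQLite (assumption); use connect_mysql() for MySQL.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE my_table (id INTEGER PRIMARY KEY, my_field TEXT)');
$pdo->exec("INSERT INTO my_table (id, my_field) VALUES (1, '')");

// Constructed inputs: the character from the question, and a string that
// contains both a single quote and accented characters.
foreach (["è", "l'été"] as $input) {
    $n = update_field($pdo, 1, $input);
    $stored = $pdo->query('SELECT my_field FROM my_table WHERE id = 1')->fetchColumn();
    printf("%d row(s) updated, stored %s (hex %s)\n", $n, var_export($stored, true), bin2hex($stored));
}
```

On MySQL, `rowCount()` reports 0 when the new value equals the one already stored, so a zero is not by itself an error.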