Inserting embed code in database PHP issue
hey, I'm trying to insert an embed code in my database, and it's giving me this error
Error adding new data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'movie.php?id=6001',
type = 'stream',
embed = '<object width=\"500\" he' at line 1
now t开发者_如何转开发his is the code i'm using :
$sql = "INSERT INTO videos SET
title = '".mysql_escape_string($title)."',
urltitle = '".slug(mysql_escape_string($title))."',
description = '',
category = 'streams',
first_img = '".mysql_escape_string($imgurl)."',
o_url = 'http://watchnewfilms.com/'".mysql_escape_string($thisUrl)."',
type = 'stream',
embed = '".mysql_escape_string($embed)."',
last_updated = '".date("Y-m-d")."',
date_added = '".date("Y-m-d")."'";
anyone see any problems?
Thanks!
You should use mysql_real_escape_string()
and you should apply it on the whole value for full security and better readability.
In your case, you have an extra '
here:
o_url = 'http://watchnewfilms.com/'".mysql_escape_string($thisUrl)."',
----------------------------------^
精彩评论