特殊字符插入MySQL

Question

Hello I am trying to get special characters to insert into MySQL, as I can't use them.

This what I got so far...

   mysql_query("UPDATE profiles SET .mysql_real_escape_string playground='$_POST[playground]' WHERE
     username='$_SESSION[membersusername]'");

The text form is

<form method="POST" action="playground.php?action=edit">


            <table width="100%" border="0" align="center">
  <tr>
    <td width="341">Playground<br><textarea name="playground" id="maxLength" rows="5" cols="50"><? echo $playground ?></textarea></td>
  </tr>
  <tr>
    <td><input type="submit" name="submit" value="Update" /></td>
  </tr>
          </table>

  </form>   

Hopefully someone will help.

Answer 1

try using this

 $playground = mysql_real_escape_string($_POST[playground]) ;
 mysql_query("UPDATE profiles SET  playground='$playground' 
              WHERE username='".$_SESSION['membersusername']."' ");

change that line

 <td width="341">Playground<br><textarea name="playground" id="maxLength" rows="5" cols="50"><? echo $playground ?></textarea></td>

to

  <td width="341">Playground<br><textarea name="playground" id="maxLength" rows="5" cols="50"></textarea></td>

Answer 2

You have a syntax error in your query, so change as follow

mysql_query("UPDATE profiles SET playground='".mysql_real_escape_string($_POST['playground'])."' WHERE   username='".$_SESSION['membersusername']."'");

As side note i would tell you to use prepared statements with either PDO or mysqli , your code is infact highly vulnerable to mysql injections , learn more here

Answer 3

Query is not correct and it should be

mysql_query("UPDATE profiles 
SET  playground='".mysql_real_escape_string($_POST[playground])."' 
WHERE
username='".$_SESSION[membersusername]."'");

How ever you should stop using mysql_* functions since they are deprecated and start using mysqli_* functions or PDO with prepare statement.