if($_SESSION['s_logged_n'] == 'true'){
$server = $panel->real_escape_string($_GET['ip']);
$dn = $panel->real_escape_string($_GET['newname']);
$query = $panel->query(
"UPDATE `Registered` SET `displayname` = '$dn' WHERE `owner`='".$_SESSION['s_username']."' AND `server`='$server'"
);
}
Above is the code that I am using. $panel is a connection to the database, which works. I've been banging my head for hours working with this stuff in order to try and escape the quotes.
You are not using mysqli_real_escape_string
you are using the method real_escape_string
that belongs to the objects $panel
now if that is just another name for mysqli_real_escape_string
then it is not used to "strip" quotes, it is used to make a legal SQL query. Quotes are not an illegal entity. I would suggest simply str_replace()
if you want to specifically target quotations.
EDIT
jeroen beat me in the comments :p
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.