When I run the query, I get errors if a value in the form has a quote/apostrophe character. When I print out the query, I notice that the quotes aren't backslashed.. (Or does it handle that in the background?) What am I doing wrong here?
Except as noted in the following, I tried your code and it works on a PHP5 system (I only mention the PHP version as it is possible that the type/value returned by get_magic_quotes_gpc() and the action of having the "reference" operator & could be different between versions of PHP.)
If either of the fields in the query are CHAR, VARCHAR, or TEXT, the values in the query string need single-quotes around them. Since your existing code operates on the whole query string, it will escape these needed quotes and cause a mysql error. You must pass each variable through this code to escape what is in the variable instead of the way it is doing it now.
The "reference" operator & has no meaning in this code and is not necessary.
There is a slight chance that get_magic_quotes_gpc() returns an ON/OFF or True/False value in your version of PHP and your use of the === comparison with the value 1 will fail. What do you get if you echo get_magic_quotes_gpc()?
You state that you get an error. Please post the actual error message to get the best possible help with this problem.
hi, thank you for the reply. sorry i've been working on this thing and haven't check dbforums in awhile.
when i echo get_magic_quotes_gpc(), it shows a '1'.
this is the error i get
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '2006-10-30 10:51:58' , '2006-10-30 10:51:58')' at line 6
when i echo the query (using a test string of r'), it shows this:
About the only thing that could cause magic_quotes_gpc to not escape the single-quotes in the GET/POST data from the form would be the magic_quotes_sybase setting (this should cause two single-quotes which it does not appear is occurring, but it would take seeing your current actual code to be sure what else might be occurring.)