When the following code is used without mysql_real_escape_string, it works fine. I'm just trying to grab a text string that may have an apost. from the input form and format it to put in mysql table.
<?php $filenamee = $_FILES["file"]["name"]; $filename =strval($filenamee); echo "file name is".$filename; $con=mysqli_connect("localhost","blasbott_admin","lubu1973","blasbott_upload"); // Check connection if (mysqli_connect_errno()) { echo "Failed to connect to MySQL: " . mysqli_connect_error(); } $companyName = mysql_real_escape_string($_POST['companyName']); // $companyName = mysql_real_escape_string($companyNamee); //$companyName = mysql_real_escape_string($companyNamee); $sql="INSERT INTO ads (companyName, webSite, picture) VALUES ('$companyName','$_POST[webSite]','$filename')"; if (!mysqli_query($con,$sql)) { die('Error: ' . mysqli_error($con)); } echo"<br>"; echo "1 record added"; mysqli_close($con); ?>
source share