I want to be able to add and update certain information. Now it was all working fine untill I found out the script no longer works when there's quotation marks in the text being sent to the database.
So I've done some research and found out I had to use the mysql_real_escape_string()
function to ignore the quotation marks. I've done this but the script now isn't working at all anymore. I think the problem lies in the query part but i don't see the problem. Below is the code:
<?php
if(isset($_POST['bevestiging']))
{
$ID = (int)$_GET['ID'];
$titel = mysql_real_escape_string($_POST['Titel']);
$ondertitel = mysql_real_escape_string($_POST['ondertitel']);
$wanneer = mysql_real_escape_string($_POST['wanneer']);
$datum = mysql_real_escape_string($_POST['datum']);
$afbeelding = mysql_real_escape_string($_POST['afbeelding']);
$intro = mysql_real_escape_string($_POST['intro']);
$main = mysql_real_escape_string($_POST['main']);
$query = "UPDATE voorstellingen
SET '$titel','$ondertitel','$wanneer','$datum','$afbeelding','$intro','$main'
WHERE id = $ID";
mysql_query($query) or die('Error, bewerken van voorstelling is mislukt');
$query ="FLUSH PRIVILEGES";
echo"De voorstelling is succesvol bewerkt";
}
else{
$ID = (int)$_GET['ID'];
$query="SELECT * FROM voorstellingen WHERE id = $ID";
$result = mysql_query($query) or die('Error, bewerken van voorstelling is mislukt');;
?>
your update query should be like:
$query = "UPDATE voorstellingen SET title = '".$titel."' .....";
See: UPDATE Syntax