how do I use mysql real escape string?

Question

The code here is still incomplete because I\'m still going to ask you guys on what the proper format/syntax of using mysql escape string. Im still a beginner in php and I wa

Answer 1

You'll need to escape the values before you put them into the query:

$hnum = mysql_real_escape_string($_POST['hnum']);
$query = "INSERT ... VALUES('$hnum')";

If you have a lot of values, you can loop over them:

$values = $_POST;

foreach ($values as &$value) {
    $value = mysql_real_escape_string($value);
}

$query = "INSERT ... VALUES('$values[hnum]')";