Trying to input symbols into MySQL table like these ... (/ " ; ;;'' \)

Trying to save site visitor data into a MySQL table.
My issue is saving the output of $_SERVER["HTTP_USER_AGENT"] into my table because it contains a lot of funky flibber flap characters.

Like when I open this php page it shows my web browser as:
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.16) Gecko/20110319 SUSE/3.6.16-0.2.1 Firefox/3.6.16

How can I get MySQL to save this into my table?

[php]
<?php
echo ("");
echo ("\n\nKnow your visitors\n\n");

// Print the visitor's IP address
echo ("Your IP address is: ");
$ip_address = getenv('REMOTE_ADDR');
echo $ip_address;

// Print the visitor's Web Browser
echo ("\n");
echo ("Your web browser is: ");
$web_browser = $_SERVER["HTTP_USER_AGENT"];
echo $web_browser;

// Print the site visitor came from [deprecated]
echo ("\n");
echo ("The last site you visited: ");
$history = ($_SERVER["HTTP_REFERER"]);
echo $history;
if ($history==NULL) echo "Could not be determined.";

// Print visitor's hostname
echo ("\n");
echo ("Your hostname: ");
$guest_name = (gethostbyaddr($_SERVER['REMOTE_ADDR']));
echo $guest_name;
if ($guest_name==NULL) echo "Could not determine hostname.";

// Display todays date
echo ("\n");
echo ("This information collected on:");
$hit_date = date("D M d Y");
echo $hit_date;

// Display the time of day
echo ("\n");
echo ("At this time of the day: ");
$hit_time = date("h:i a" ,time());
echo $hit_time;
echo ("\n");
echo ("\n");

echo ("\n\nCreate a database to store this information\n\n");
echo ("This happens in the background.");
echo ("\n");
echo ("An error will be shown below if the table has already been created.");
echo ("\n");

// ------------------------------------------------------------
// LOGIN TO MySQL ADD AN ENTRY THEN PRINT IT OUT !!
// ------------------------------------------------------------
require_once 'login.php';
$db_server = mysql_connect($db_hostname, $db_username, $db_password);

if (!$db_server) die("Unable to connect to mysql:" . mysql_error());

mysql_select_db($db_database)
    or die("Unable to select database: " . mysql_error());

$query = "CREATE TABLE guests (
    id SMALLINT NOT NULL AUTO_INCREMENT,
    ip_address INT(255) NOT NULL,
    web_browser VARCHAR(255),
    history VARCHAR(255) NOT NULL DEFAULT 'blank',
    guest VARCHAR(255),
    hit_date VARCHAR(128) NOT NULL,
    hit_time VARCHAR(128) NOT NULL,
    PRIMARY KEY (id)
)";

$result = mysql_query($query);
if (!$result) echo ("Database access failed: " . mysql_error());
echo ("\n");

echo ("\n\nEnter data into the database\n\n");
echo ("This also happens in the background");
echo ("\n");
echo ("An error message will appear below if it didn't work.");
echo ("\n");

//$query_write = mysql_real_escape_string($query_write); // Supposed to prevent mysql injection

$query_write = "INSERT INTO guests VALUES" .
    "('', $ip_address', '$web_browser', '$history', '$guest', '$hit_date', '$hit_time')";

if (!mysql_query($query_write))
    echo ("Unable to add this entry to database: ". mysql_error());

$query_select = "SELECT * FROM guests";
$result_select = mysql_query($query_select);

// Stop only when the SELECT failed (the check was inverted)
if (!$result_select) die("Database access failed: " . mysql_error());

// Count and fetch from the SELECT result, not the CREATE TABLE result
$rows = mysql_num_rows($result_select);
for ($j = 0 ; $j < $rows ; ++$j)
{
    $row = mysql_fetch_row($result_select);
    echo <<<_END
    ID: $row[0]
    IP Address: $row[1]
    Web Browser: $row[2]
    Web History: $row[3]
    Guest: $row[4]
    Date: $row[5]
    Time: $row[6]

_END;
}
echo ("");
mysql_close($db_server);
?>
[/php]

The function you are using to escape special characters, mysql_real_escape_string(), is correct, but you are applying it to the wrong string. You need to escape special characters in each value you insert in your SQL query, not in the query itself:
[php]
$web_browser = mysql_real_escape_string($web_browser);
$guest = mysql_real_escape_string($guest);
$query_write = "INSERT INTO guests (ip_address,web_browser,history,guest,hit_date,hit_time) VALUES ('$ip_address', '$web_browser', '$history', '$guest', '$hit_date', '$hit_time')";
[/php]

Btw, why do you have the IP address field type set as integer in your table? And also you are missing the opening single quote in front of $ip_address in your SQL query.
There is a date/time field type in MySQL, so I think it is best to change this field type as well (you can use a date field to query by date range, for example).
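
Added example, not part of either post above: the same insert written with PDO bound parameters, which pass each value separately from the SQL text so no per-value escaping is needed (the mysql_* functions used in the thread were removed in PHP 7.0). It assumes an in-memory SQLite DSN so it runs without a server; the `hit_at` column, the VARCHAR(45) IP column and the sample visitor values are constructed for illustration.

```php
<?php
// Added example: bound parameters instead of per-value escaping.
// Assumption: in-memory SQLite so the script runs without a database server.
// For MySQL, use a DSN such as 'mysql:host=localhost;dbname=example;charset=utf8mb4'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// IP stored as text (45 chars fits IPv6); date and time in one DATETIME column.
$pdo->exec(
    'CREATE TABLE guests (
        id          INTEGER PRIMARY KEY,
        ip_address  VARCHAR(45) NOT NULL,
        web_browser VARCHAR(255),
        history     VARCHAR(255),
        guest       VARCHAR(255),
        hit_at      DATETIME NOT NULL
    )'
);

// Constructed sample request values (not real visitor data). The User-Agent
// and Referer headers are client-controlled and may hold quotes or backslashes.
$visitor = [
    'ip'      => '203.0.113.7',
    'browser' => "Mozilla/5.0 (X11; U; Linux x86_64; en-US) / \" ; ;;'' \\ Firefox/3.6.16",
    'history' => "http://example.test/it's-a-page",
    'guest'   => 'host.example.test',
];

// Named placeholders: the driver sends the values as data, never as SQL text.
$insert = $pdo->prepare(
    'INSERT INTO guests (ip_address, web_browser, history, guest, hit_at)
     VALUES (:ip, :browser, :history, :guest, :hit_at)'
);
$insert->execute([
    ':ip'      => $visitor['ip'],
    ':browser' => substr($visitor['browser'], 0, 255),  // fit the column width
    ':history' => substr($visitor['history'], 0, 255),
    ':guest'   => $visitor['guest'],
    ':hit_at'  => date('Y-m-d H:i:s'),
]);

// Read the row back and confirm the stored User-Agent matches the input.
$row = $pdo->query('SELECT web_browser FROM guests')->fetch(PDO::FETCH_ASSOC);
var_dump($row['web_browser'] === $visitor['browser']);
// Escape on output as well: the stored header is still untrusted in HTML.
echo htmlspecialchars($row['web_browser'], ENT_QUOTES, 'UTF-8'), "\n";
```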
