hello everyone,
i have read through other post but could not resolve my issues. i need someone to see to my code. i am trying
mysql_real_escape_string for my datas. but the one without it can insert properly while the one with the mysql_escape does not. from my code, i am able to insert lastname into database but not the firstname. i connected to my database first because i read to use mysql_real_escape_string you have to be first connected.and i do not want to work without taking sql injection into account. could someone help please
include ('config.php');
if (isset($_POST['formsubmitted'])) {
$dbc = @mysqli_connect($servername,$firstname,$dbpassword,$database );
if (!$dbc) {
trigger_error('no connection to MySQL: ' . mysqli_connect_error());
}
if (empty($_POST['firstname'])) {
$error[] = 'Please Enter a first name ';
} else {
$firstname = mysql_real_escape_string( stripslashes( $_POST[ 'firstname' ] ) );
}
if (empty($_POST['lastname'])) {
$error[] = 'Please Enter a last name ';
} else {
$lastname = $_POST[ 'lastname' ] ;
}