php real_escape_string(), query not working anymore

I want to be able to add and update certain information. Now, it was all working fine until I found out the script no longer works when there are quotation marks in the text being sent to the database.

So I've done some research and found out I had to use the mysql_real_escape_string() function to ignore the quotation marks. I've done this, but the script now isn't working at all anymore. I think the problem lies in the query part, but I don't see the problem. Below is the code:

<?php
if(isset($_POST['bevestiging']))
{   
    $ID = (int)$_GET['ID'];

    $titel = mysql_real_escape_string($_POST['Titel']);
    $ondertitel = mysql_real_escape_string($_POST['ondertitel']);
    $wanneer = mysql_real_escape_string($_POST['wanneer']);
    $datum = mysql_real_escape_string($_POST['datum']);
    $afbeelding = mysql_real_escape_string($_POST['afbeelding']);
    $intro = mysql_real_escape_string($_POST['intro']);
    $main = mysql_real_escape_string($_POST['main']);

    $query = "UPDATE voorstellingen 
              SET '$titel','$ondertitel','$wanneer','$datum','$afbeelding','$intro','$main' 
              WHERE id = $ID";

    mysql_query($query) or die('Error, bewerken van voorstelling is mislukt');  
    $query ="FLUSH PRIVILEGES"; 
    echo"De voorstelling is succesvol bewerkt";
}
else{

    $ID = (int)$_GET['ID'];
    $query="SELECT * FROM voorstellingen WHERE id = $ID";
    $result = mysql_query($query) or die('Error, bewerken van voorstelling is mislukt');
?>

Answers


Your update query should be like:

$query = "UPDATE voorstellingen SET title = '".$titel."' .....";

See: UPDATE Syntax


The mysql_real_escape_string function returns FALSE on errors. You can check the return type of the line below

$titel = mysql_real_escape_string($_POST['Titel']);

to see if it succeeds or not. You do not need to check the next lines. If there is an error on the first function call, it will very probably mean that no SQL connection is present before invoking the function, because a MySQL connection is required before using mysql_real_escape_string(); otherwise an error of level E_WARNING is generated, and FALSE is returned.

If the above suggestion does not solve your issue, please elaborate on exactly what error you are facing and on which line.
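
The `SET column = value` form from the first answer, with the failure surfaced as the second answer asks, as an added example that is not part of the original thread: it uses PDO prepared statements instead of mysql_real_escape_string() and an in-memory SQLite database so it runs without a server. The column names are assumed from the question's variable names, and the `updateVoorstelling` helper and the sample input are constructed for illustration.

```php
<?php
// Added example. Column names are assumptions taken from the question's
// variable names; the real table layout is not shown on the page.

function updateVoorstelling(PDO $db, int $id, array $fields): int
{
    // Allow-list of columns: identifiers cannot be bound as parameters,
    // so only these fixed names ever reach the SQL text.
    $allowed = ['titel', 'ondertitel', 'wanneer', 'datum', 'afbeelding', 'intro', 'main'];
    $set = [];
    $params = [':id' => $id];
    foreach ($allowed as $col) {
        if (array_key_exists($col, $fields)) {
            $set[] = "$col = :$col";              // SET column = value, as UPDATE requires
            $params[":$col"] = (string)$fields[$col];
        }
    }
    if ($set === []) {
        throw new InvalidArgumentException('no known columns to update');
    }
    $sql = 'UPDATE voorstellingen SET ' . implode(', ', $set) . ' WHERE id = :id';
    $stmt = $db->prepare($sql);
    $stmt->execute($params);                      // values travel separately from the SQL
    return $stmt->rowCount();                     // number of rows changed
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // report errors, do not hide them
$db->exec('CREATE TABLE voorstellingen (id INTEGER PRIMARY KEY, titel TEXT, ondertitel TEXT,
           wanneer TEXT, datum TEXT, afbeelding TEXT, intro TEXT, main TEXT)');
$db->exec("INSERT INTO voorstellingen (id, titel) VALUES (1, 'oud')");

// Constructed input standing in for $_POST: both quote characters, plus an
// unknown key that the allow-list drops.
$post = ['titel' => "Romeo's \"laatste\" avond", 'intro' => "Het is 'zover'", 'rol' => 'x'];

$changed = updateVoorstelling($db, 1, $post);
$row = $db->query('SELECT titel, intro FROM voorstellingen WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
echo "rows changed: $changed\n";
echo "titel: {$row['titel']}\n";                  // quotes stored verbatim, no escaping call
echo "intro: {$row['intro']}\n";

try {
    // Same shape as the question's query: values listed without column names.
    $db->prepare("UPDATE voorstellingen SET 'a','b' WHERE id = 1");
} catch (PDOException $e) {
    echo "rejected: {$e->getMessage()}\n";        // the driver's own syntax error
}
```

Printing the driver's message instead of a fixed `die()` string is what exposes the malformed `SET` clause during development; log it rather than echoing it in production.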

