I'm setting up a client log in system and im trying to escape strings so that special characters dont create an error. But I know im doing it wrong, and the manual isn't really helping

the $cnx->escape_string($clientID) part. I don't even know if I'm putting it in the right place.

edit:

this is the part where i define $cnx and clientID

Well, first of all, name your variables better. If you're going to look back at your clients code after 2 projects and 3 months ... you MUST know what it all means. So, instead of $cnx I would name it $connectionID or $connID.

The part you are trying to solve, I guess, is the query part.

$cnx-> indicates that it is an object, which I don't see created anywere. (using __construct, autoload or even new className)

The thing you want, is to escape the function with, lets say, addslashes or mysql_real_escape_string();

printf and sprinf is what you should be using. printf imidiatly displays the string and sprintf just makes is whole.

In this case, you would create a function named escapeValue() and that filters and ONLY returns the escaped value. Since you won't have to do this on a password (it being a salt with a string, hashed by md5, sha1, both or even base64_encode (d )), you should also make a value to encrypt the password.

__________________

"Life is a bitch, take that bitch on a ride"

Not to be a flamer but yeah the variable names :P
i would use printf in this case.

__________________
Codefreek's - News Letter, Tech, & some random ramblings