SQL query inserting extra parentheses?

[subnet_rx]

I'm trying to insert some data in the db, but the below query inserts it with parentheses. Any other combination I try, even taking off all parentheses just results in a query error. What am I doing wrong?

Code:

$db->query_read("INSERT INTO picks_groups (group_title) VALUES ('$db->escape_string($event_name)')");

[Adrian Schneider]

To call a function you need to break out of the double quotes like so,

PHP Code:

$db->query_read("
    INSERT INTO picks_groups 
        (group_title) 
    VALUES (
        '" . $db->escape_string($event_name) . "'
    )
"); 


Used " to close the string, and then . (concat operator) to join it with the next section which calls the escape function, and then . and " again to go back to double quoted string mode.

Another (easier to read / write for some, but not necessarily better) method is this:

PHP Code:

$escaped = $db->escape_string($event_name);

$db->query_read("
    INSERT INTO picks_groups 
        (group_title) 
    VALUES (
        '$escaped'
    )
"); 


[subnet_rx]

Thanks, what is the proper way to clean an array inside $_POST? So, $_POST['outcome'][]

[Dismounted]

PHP Code:

$vbulletin->input->clean_gpc('p', 'outcome', TYPE_ARRAY_UINT); 


The last bit of the type (UINT) can be any of the others, eg. STR, NUM and FILE.

[Marco van Herwaarden]

PHP Code:

$db->query_read("INSERT INTO..... 


INSERT is a write statement, you should not use query_read()

[Adrian Schneider]

lol good catch

[Marco van Herwaarden]

Hehe, i was a bit surprised you did not catch that one, and even copied it to your improved code.

[subnet_rx]

Thanks, I had caught that yesterday after reading through some of the vBulletin developer tools material. Thanks for that answer Dismounted.