passing a mysql_query with a multi-word variable

Ya, that helps. I just couldn't figure out why these two commands dont jive:

This works just fine with a multi-word variable:

mysql_query("INSERT INTO continents (continent_name) VALUES('$cont') ")or die(mysql_error());

But this fails....just seems inconsistent:

$result=mysql_query("SELECT continent_name FROM continents WHERE continent_name='$cont'") or die(mysql_error());;

I don't really get this:mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a. ----What exactly is this function doing if $var is "North America"? Is x00=" "?

Learning php/mysql, bound to ask "stupid" questions, thanks for not pointing and laughing.

Maybe this is too late to be helpful.

\x00 = null

check out:
http://www.asciitable.com/
http://www.lookuptables.com/

mysql_real_escape_string() isn't doing anything for "North America", its just good practice to escape or verify (e.g. that an integer value is indeed an integer) any value you are inserting into a database. Ideally you would check to see if magic_quotes_gpc is on (which is a php ini setting) and if so strip the string 'stripslashes()'and then return the mysql_real_escape_string() value of the same string. So that you don't end up double escaping. Not to be confusing.

You should also be careful with how you pass variables to queries if you use '', the variable will be interpreted as a literal string '$cont'. Where if you use "" the variable value will be evaluated for its value 'North America'. So in your example of:

mysql_query("INSERT INTO continents (continent_name) VALUES('$cont') ")or die(mysql_error());

continent_name will end up $cont. Where as if you use:

mysql_query("INSERT INTO continents (continent_name) VALUES('" . $cont . "') ")or die(mysql_error());

continent_name will end up being the value of $cont which is what you are looking for. Though you should still escape it.
using a globally available alias / utility function is very helpful with this sort of thing.

public function mres($value=null)
{
if(get_magic_quotes_gpc() || get_magic_quotes_runtime()) {
$this->value = $this->stripslashes_deep($value);
} else {
$this->value = $value;
}

if (is_array($this->value)) {
foreach($this->value as $k => $v)
{
$this->value[$k] = mysql_real_escape_string($v);
}
} else {
$this->value = mysql_real_escape_string($this->value);
}
return $this->value;
}

public function stripslashes_deep($value=null)
{
if (is_array($value)) {
$result = array_map(array($this, __FUNCTION__), $value);
} else {
$result = stripslashes($value);
}
return $result;
}

So it might look like:

mysql_query("INSERT INTO continents (continent_name) VALUES('" . mres($cont) . "') ")or die(mysql_error());

So your 'SELECT' query is looking for a continent_name named $cont and not North America.

$result = mysql_query("SELECT continent_name FROM continents WHERE continent_name='" . $cont . "'") or die(mysql_error());

Should work.

Hopefully this doesn't mess you up more than help, anything that maybe inaccurate isn't intentional.

Regards...