As Bart said mysql_real_escape_string works with strings, not with arrays.
The reason your $_POST['game']
is an array is because you have it named game[]
. You can try with one value if you change the name to game
.
Although we want the code to work with multiple choices. You can change the PHP code like this:
<?php
if(isset($_POST['submit']))
{
$query=mysql_connect('localhost','root','');
mysql_select_db("freeze",$query);
$choice = array();
foreach($_POST['game'] as $game) {
$choice[]=mysql_real_escape_string($game);
}
$choice1=implode(',',$choice);
mysql_query("insert into tb values('','$choice1')");
}
?>
By the way, can you tell us what is your database structure? It seems you are making a big mistake with saving all the values the user picked in just one cell. It should work, but it's not a very good way of storing data in database (it's not compilant with any data bases standards).
EDIT:
Also I noticed there is an easier way to fix it (it seems someone who wrote the code misplaced two lines):
<?php
if(isset($_POST['submit']))
{
$query=mysql_connect('localhost','root','');
mysql_select_db("freeze",$query);
$choice=implode(',',$_POST['game']);
$choice1=mysql_real_escape_string($choice);
mysql_query("insert into tb values('','$choice1')");
}
?>