Problem with quote detection on mysql_real_escape_string?
Free Static Code Analysis Tool for PHP Applications
Hello,
I'm not absolutely sure whether this one is a bug report or more of a support request.
I am getting reports of a sing due to usage of mysql_real_escape_string without quotes in code like the following:
$token = mysql_real_escape_string($_GET['token']);
$data1 = mysql_fetch_array(mysql_query("SELECT token FROM table WHERE token='" . $token . "'"));
It pretty much seems to me that there are in fact quotes, but that RIPS is just failing to find them.
Am I right, or am I just doing everything wrong?
Thanks
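
The quote-context check the post is asking about, as an added example that is not part of the original post and is not RIPS's own detection code: it scans the SQL text preceding a concatenated value and reports whether a string literal is still open at that point. The function names are hypothetical, the second input is a constructed unquoted variant, and the scan assumes MySQL's default SQL mode and ignores SQL comments.

```php
<?php
// Added example, not RIPS code: decide whether a value concatenated into a
// SQL string lands inside a quoted SQL literal.

/**
 * Scan the SQL text that precedes a concatenated value and return the quote
 * character still open at the insertion point, or null if none is open.
 */
function open_quote_at_end(string $sqlPrefix): ?string
{
    $open = null;
    $len = strlen($sqlPrefix);
    for ($i = 0; $i < $len; $i++) {
        $c = $sqlPrefix[$i];
        if ($open === null) {
            if ($c === "'" || $c === '"' || $c === '`') {
                $open = $c;         // a literal or quoted identifier starts
            }
            continue;
        }
        if ($c === '\\' && $open !== '`') {
            $i++;                   // backslash escapes the next character
        } elseif ($c === $open) {
            if ($i + 1 < $len && $sqlPrefix[$i + 1] === $open) {
                $i++;               // doubled quote is an escaped quote
            } else {
                $open = null;       // literal closed
            }
        }
    }
    return $open;
}

/** Escaping only confines a value that sits in a '...' or "..." literal. */
function escaped_value_is_quoted(string $sqlPrefix): bool
{
    return in_array(open_quote_at_end($sqlPrefix), ["'", '"'], true);
}

// Constructed inputs: the first prefix is the string literal from the post,
// the second is a hypothetical variant with no quote before the value.
$cases = [
    "SELECT token FROM table WHERE token='",
    "SELECT token FROM table WHERE id=",
];
foreach ($cases as $prefix) {
    printf("%-40s %s\n", $prefix, escaped_value_is_quoted($prefix) ? 'quoted' : 'unquoted');
}
```

A backtick-quoted position is deliberately reported as unquoted, because mysql_real_escape_string does not escape backticks.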