List:General Discussion« Previous MessageNext Message »
From:AndrewJames Date:September 7 2009 9:39am
Subject:mysql_real_escape_string()
View as plain text  
Hey guys,

whenever i try to perform this function on my $variables before using them 
in sql queries it deletes them and returns my variable as nothing, ''.

this is how i am using it.

my login.php form
$username = check_input($_POST['username']);
$password = check_input($_POST['password']);

my check_input() function
function check_input($value)
        {
                // Stripslashes
                if (get_magic_quotes_gpc())
                {
                  $value = stripslashes($value);
                }
                if (!is_numeric($value))
                {
                        echo "just before->" . $value . "<-";
                        $value = mysql_real_escape_string($value);
                        echo "just after->" . $value . "<-";
                }
                return $value;
        }

my return values
just before->andrew<-
just after-><-

any clues??

I call require in a php file which defines my functions used here. 

Thread
mysql_real_escape_string()AndrewJames7 Sep
  • AW: mysql_real_escape_string()Majk.Skoric7 Sep