mysql_real_escape_string()
am 07.09.2009 11:39:02 von AndrewJames
Hey guys,
whenever i try to perform this function on my $variables before using them
in sql queries it deletes them and returns my variable as nothing, ''.
this is how i am using it.
my login.php form
$username = check_input($_POST['username']);
$password = check_input($_POST['password']);
my check_input() function
function check_input($value)
{
// Stripslashes
if (get_magic_quotes_gpc())
{
$value = stripslashes($value);
}
if (!is_numeric($value))
{
echo "just before->" . $value . "<-";
$value = mysql_real_escape_string($value);
echo "just after->" . $value . "<-";
}
return $value;
}
my return values
just before->andrew<-
just after-><-
any clues??
I call require in a php file which defines my functions used here.
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql?unsub=gcdmg-mysql-2@m.gmane.org
AW: mysql_real_escape_string()
am 07.09.2009 11:49:00 von Majk.Skoric
>-----Ursprüngliche Nachricht-----
>Von: AndrewJames [mailto:andrewhudds@gmail.com]=20
>Gesendet: Montag, 7. September 2009 11:39
>An: mysql@lists.mysql.com
>Betreff: mysql_real_escape_string()
>
>Hey guys,
>
>whenever i try to perform this function on my $variables before using =
them=20
>in sql queries it deletes them and returns my variable as nothing, ''.
From http://de.php.net/mysql_real_escape_string
mysql_real_escape_string
"Returns the escaped string, or ___FALSE__ on error."
-echo "just after->" . $value . "<-";
+echo "just after->" . var_dump($value) . "<-";
false is evaluated as an empty string! Thats why you see nothing!
watch -> php_error.log
you'll probably find something like "cannot connect to mysql...."
mysql_real.... needs a connection to a mysql DB!
Majk
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql?unsub=3Dgcdmg-mysql-2@m.gmane.o rg
AW: AW: mysql_real_escape_string()
am 07.09.2009 13:41:31 von Majk.Skoric
>-----Ursprüngliche Nachricht-----
>Von: AndrewJames [mailto:andrewhudds@gmail.com]=20
>Gesendet: Montag, 7. September 2009 13:37
>An: Skoric, Majk
>Betreff: Re: AW: mysql_real_escape_string()
Dont forget to put the list in!
>hmmm, my mysql_real... function call is below my db connection, so =
there=20
>should be a $conn allready. It works perfectly if do not=20
>mysql_real_escape_string(), but wont log me in if i do..
>
>i get this
>Warning: mysql_real_escape_string() =
[function.mysql-real-escape-string]:=20
>Access denied for user 'ODBC'@'localhost' (using password: NO)
$link =3D mysql_connect('....');
....
mysql_real_escape_string($foo, $link);
function mysql_... takes a link as 2nd parameter. Use it then!
Majk
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql?unsub=3Dgcdmg-mysql-2@m.gmane.o rg