View previous topic :: View next topic |
Author |
Message |
pkSML -
Joined: 29 May 2006 Posts: 952 Location: Michigan, USA
|
Posted: Sat Sep 08, 2007 3:49 pm Post subject: Security Issues |
|
|
I'm making a database for a new website. I'm using some code I grabbed from another site, but it's not working.
The problem is with this function:
Code: | //Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
if(!get_magic_quotes_gpc()) {
$str = @trim(mysql_real_escape_string($str));
}
else {
return @trim($str);
}
return $str;} |
All my form variables run through this function, but it mysql_real_escape_string is returning false. I do have a MySQL connection while this function is being run.
I tried mysql_escape_string and it works perfectly, despite it being a deprecated function.
So, what's wrong with mysql_real_escape_string?
Thanks in advance. _________________ Stephen
Need a LitlURL?
http://CodeBin.yi.org |
|
Back to top |
|
|
pkSML -
Joined: 29 May 2006 Posts: 952 Location: Michigan, USA
|
Posted: Mon Sep 10, 2007 10:23 pm Post subject: |
|
|
Problem solved.
I still believe mysql_real_escape_string() was returning false, but the if statement did not have a return. How dumb! _________________ Stephen
Need a LitlURL?
http://CodeBin.yi.org |
|
Back to top |
|
|
|