what dumb thing am i doing? mysqli_real_escape_string on $this-variable...

[scotchegg78]

mysqli_real_escape_string does nothing here...

 

$this->description = filter_var($_POST['description'],FILTER_SANITIZE_STRING);
	echo $this->description = mysqli_real_escape_string($this->db_link,$this->description);

 

but works here..

 

echo mysqli_real_escape_string($this->db_link,"tt't");

 

$this->description is just a text string from a form.

[trq]

You cant echo and assign at the same time.

[scotchegg78]

what ? Yes you can ?

 

I have realised I do not need to use mysqli_real_escape_string as I have used the php filter_input function already, which has turned the single quote into ' , hence mysqli_real_escape_string is not picking it up.

 

Pretty sure thats it.