darkfreaks Posted January 18, 2009 Share Posted January 18, 2009 ok so i am trying to call mysqli_real_escape_string(), but everytime i call it in function fetch() it logs me out of the script and i can not log in. so howdo i call it ??? Function Fetch: <?php function fetch($query) { $db_server = "localhost"; $db_username = "****"; $db_password = "****"; $db_name = "****"; $con=mysqli_connect($db_server,$db_username,$db_password); mysqli_select_db($con,$db_name); if ($result = mysqli_query($con,$query)) { if (mysqli_num_rows($result) == 1) { return mysqli_fetch_assoc($result); } else if (mysqli_num_rows($result) > 1) { while ($row = mysqli_fetch_assoc($result)) { $return[] = $row; } return $return; } return false; } } ?> Quote Link to comment Share on other sites More sharing options...
RussellReal Posted January 18, 2009 Share Posted January 18, 2009 1. I don't understand why you're initializing a mySQL database connection within a function.. 2. I don't see mysqli_real_escape_string, inside that function 3. If you do use it within that function, you're probably using it on the WHOLE query, not the individual values you're trying to test on.. GOOD: $var1 = mysqli_real_escape_string("omg`'%omg!"); $result = mysqli_query("SELECT * FROM `tabname` WHERE `field` = '$var1'"); BAD: $result = mysqli_query(mysqli_real_escape_string("SELECT * FROM `tabname` WHERE `field` = 'omg`'%omg!'")); Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.