Jump to content

NULL and mysql_real_escape_string() problem exist


robert_gsfame

Recommended Posts

I have this kind of query

 

function clean($string) {

    if(get_magic_quotes_gpc()) {

        return stripslashes($string);

    }else{

    return $string;

    }

}

function check($data) {

  return empty($data) ? 'NULL': "'".mysql_real_escape_string(clean($data))."'";

}

 

$checkquery=mysql_query(sprintf("SELECT * FROM TABLE1 WHERE email=%s AND column1=%s AND column2=%s AND column3=%s",

check($email),

check($columnfill1),

check($columnfill2),

check($columnfill3)));

$checknumrow=mysql_num_rows($checkquery);

if(!empty($checknumrow)){}else

 

if((!empty($email))&&(!empty($columnfill1))&&(!empty($columnfill2))){

$insertquery=mysql_query(sprintf("INSERT INTO TABLE1 VALUES(%s,%s,%s,%s)",

check($email),

check($columnfill1),

check($columnfill2),

check($columnfill3))));}

 

 

All user input will be then checked whether it has been exist, if true then no record will be added into database.

 

When using double single quotes '' instead of having NULL inside database, i dont get any problem..but then when i modify the code and wish to have a null value assigned, i get this problem where record added and added although they already exist

 

which part is wrong?

 

thanks

 

 

NULL and '' are not the same value. If your database contains an empty value and you use WHERE field=null in your query it will not match. Check your database with phpMyAdmin, if the null checkbox is ticked then SELECTing WHERE field=null will match it, if it isn't then it won't.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.