NULL and mysql_real_escape_string() problem exist

[robert_gsfame]

I have this kind of query

 

function clean($string) {

    if(get_magic_quotes_gpc()) {

        return stripslashes($string);

    }else{

    return $string;

    }

}

function check($data) {

  return empty($data) ? 'NULL': "'".mysql_real_escape_string(clean($data))."'";

}

 

$checkquery=mysql_query(sprintf("SELECT * FROM TABLE1 WHERE email=%s AND column1=%s AND column2=%s AND column3=%s",

check($email),

check($columnfill1),

check($columnfill2),

check($columnfill3)));

$checknumrow=mysql_num_rows($checkquery);

if(!empty($checknumrow)){}else

 

if((!empty($email))&&(!empty($columnfill1))&&(!empty($columnfill2))){

$insertquery=mysql_query(sprintf("INSERT INTO TABLE1 VALUES(%s,%s,%s,%s)",

check($email),

check($columnfill1),

check($columnfill2),

check($columnfill3))));}

 

 

All user input will be then checked whether it has been exist, if true then no record will be added into database.

 

When using double single quotes '' instead of having NULL inside database, i dont get any problem..but then when i modify the code and wish to have a null value assigned, i get this problem where record added and added although they already exist

 

which part is wrong?

 

thanks

 

 

[cags]

NULL and '' are not the same value. If your database contains an empty value and you use WHERE field=null in your query it will not match. Check your database with phpMyAdmin, if the null checkbox is ticked then SELECTing WHERE field=null will match it, if it isn't then it won't.