Jump to content

mysql_real_escape_string problem

biggerboy

By biggerboy
in PHP Coding Help

Recommended Posts

biggerboy Newbie

biggerboy

Posted
Posted

I am using this for login and a few other things instead of just returning the value like 'this is the value' is is returning it like 'this is the value''this is the value. I couldn't see the cause maybe someone here can. Thanks!

my code for the sql_sant is:

 

function sql_sant($value)
{
    if( get_magic_quotes_gpc() )
    {
          $value = stripslashes($value);
    }
    //check if this function exists
    if( function_exists( "mysql_real_escape_string" ) )
    {
      if (!is_numeric($value))
        {
        $value = "'" . mysql_real_escape_string($value) . "'";
        }
       else
       { 
          $value = mysql_real_escape_string($value);
          }
          }
        //for PHP version < 4.3.0 use addslashes
    else {
    	
      if(!is_numeric($value))
      { 
          $value = "'" . addslashes($value) . "'";
      }
      
      else      
      {
      $value = addslashes($value);
      }
    }    
   

    return $value;
}

 

My code for login.php is:

require("header.php");
if(isset($_SESSION['username']))
{
header('Location: index.php ');
}

if($_POST['action'] == 'login') 
{
$username = $_POST['username'];	
$username = sql_sant($username);	
$password = $_POST['password'];	
$password = sql_sant($username);	
echo $username;
if(login($username,$password)) 
	{	
	header('Location: index.php');	
	} 
else
	{
	$error_message = "Invalid username/password";

Link to comment
https://forums.phpfreaks.com/topic/74209-mysql_real_escape_string-problem/
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.