mysql_real_escape_string problem

[biggerboy]

I am using this for login and a few other things instead of just returning the value like 'this is the value' is is returning it like 'this is the value''this is the value. I couldn't see the cause maybe someone here can. Thanks!

my code for the sql_sant is:

 

function sql_sant($value)
{
    if( get_magic_quotes_gpc() )
    {
          $value = stripslashes($value);
    }
    //check if this function exists
    if( function_exists( "mysql_real_escape_string" ) )
    {
      if (!is_numeric($value))
        {
        $value = "'" . mysql_real_escape_string($value) . "'";
        }
       else
       { 
          $value = mysql_real_escape_string($value);
          }
          }
        //for PHP version < 4.3.0 use addslashes
    else {
    	
      if(!is_numeric($value))
      { 
          $value = "'" . addslashes($value) . "'";
      }
      
      else      
      {
      $value = addslashes($value);
      }
    }    
   

    return $value;
}

 

My code for login.php is:

require("header.php");
if(isset($_SESSION['username']))
{
header('Location: index.php ');
}

if($_POST['action'] == 'login') 
{
$username = $_POST['username'];	
$username = sql_sant($username);	
$password = $_POST['password'];	
$password = sql_sant($username);	
echo $username;
if(login($username,$password)) 
	{	
	header('Location: index.php');	
	} 
else
	{
	$error_message = "Invalid username/password";

[MadTechie]

I see it

<?php
$username = $_POST['username'];	
$username = sql_sant($username);	
$password = $_POST['password'];	
$password = sql_sant($username); //<--SURELY You MEAN $password not $Username
?>

[biggerboy]

Wow can't believe I missed that, I will test it. Thanks always can use another set of eyes.