Problem with clean function returning nothing

Posted: Tue Nov 15, 2011 2:43 pm
by davidhopkins
Hello all.

I have a very little script that used to work on an old server but now that it's on a new one fails to work. The code is

Code:

//Function to sanitize values received from the form. Prevents SQL injection
	function clean($str) {
		$str = @trim($str);
		if(get_magic_quotes_gpc()) {
			$str = stripslashes($str);
		}
		return mysql_real_escape_string($str);
	}
	
	//Sanitize the POST values
	$newRef = clean($_POST['newRef']);
	$newTitle = clean($_POST['newTitle']);
	$Notification = clean($_POST['Notification']);

For some reason when I pass variables into this script via a form, I know they are accessible because echoing $_POST['newRef'] returns the value. But when I echo $newRef I get nothing. The function is bringing back nothing.

I'm desperate to get this working. As I say, it worked on an old server but not a new one.

Any help would be great

Re: Problem with clean function returning nothing

Posted: Tue Nov 15, 2011 3:08 pm
by Celauran
Cannot duplicate. Works fine for me.

Re: Problem with clean function returning nothing

Posted: Tue Nov 15, 2011 3:27 pm
by davidhopkins
Do you know of any PHP or server settings that can bugger up function returns? It's deffo not returning anything =[

Re: Problem with clean function returning nothing

Posted: Tue Nov 15, 2011 3:38 pm
by McInfo
Check the error log or enable error reporting/display in the script. See Error Handling.

One possibility is that the MySQL extension is not installed on the server, making mysql_real_escape_string() undefined. A call to an undefined function triggers a fatal error and halts the script.

Re: Problem with clean function returning nothing

Posted: Tue Nov 15, 2011 5:38 pm
by pickle
Ya, about the only thing I can see is maybe MySQL isn't installed.

And a semantic note: to me, a clean() function should strip away extraneous stuff, like trim & stripslashes. I don't think mysql_real_escape_string() should be in there because it adds characters. For example, if a user enters "O'Neil" in a form, that function will turn it into "O\'Neil", which would not be suitable for displaying back to the user.

I'd have 1 function to actually clean the string, and another to prepare it for DB injection.
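
The split described in the last post, as an added example that is not part of the thread: one function that only cleans, bound parameters for the database step (PDO prepared statements swapped in for mysql_real_escape_string()), and HTML escaping only at output time. The in-memory SQLite database, the `items` table and the helper names are assumptions for illustration.

```php
<?php
// Added example, not code from the thread. Table, column and helper names are hypothetical.
error_reporting(E_ALL);            // surface warnings and fatal errors while debugging
ini_set('display_errors', '1');

// 1) Clean: only remove extraneous input; never add characters here.
function clean(string $str): string {
    return trim($str);
}

// 2) Prepare for the database: bound parameters keep the data out of the SQL text,
//    so no escaping function (and no open mysql_* connection) is needed.
function save_title(PDO $db, string $ref, string $title): void {
    $stmt = $db->prepare('INSERT INTO items (ref, title) VALUES (:ref, :title)');
    $stmt->execute([':ref' => $ref, ':title' => $title]);
}

function load_title(PDO $db, string $ref): ?string {
    $stmt = $db->prepare('SELECT title FROM items WHERE ref = :ref');
    $stmt->execute([':ref' => $ref]);
    $title = $stmt->fetchColumn();
    return $title === false ? null : $title;
}

// 3) Prepare for display: escape for HTML when writing output, not before storage.
function html(string $str): string {
    return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
}

// In-memory SQLite stands in for the real database (assumes pdo_sqlite is loaded).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (ref TEXT PRIMARY KEY, title TEXT)');

// Constructed sample input, standing in for $_POST.
$post = ['newRef' => ' R-100 ', 'newTitle' => "  O'Neil <b>report</b> "];

$newRef   = clean($post['newRef']);
$newTitle = clean($post['newTitle']);
save_title($db, $newRef, $newTitle);

$stored = load_title($db, $newRef);
var_dump($stored === "O'Neil <b>report</b>");  // checks the stored value has no added backslashes
echo html($stored), PHP_EOL;                    // escaped form, for use inside an HTML page
```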