mysql_real_escape_string causing strange errors
Posted: Thu Mar 08, 2007 9:15 am
Here's the problem, I'm trying to "clean" user input with mysql_real_escape_string(), for some reason, it's destroying all variables it touches. Here is a simplified version of the code I'm using:
With the database code here:
Can anyone help with this?
Code: Select all
$connector = new DbConnector($dbuser,$dbpass,$dbname);
foreach($_GET as &$tmp) {
$tmp=$connector->escape_string($tmp);
//print $tmp;
}Code: Select all
<?php
class DbConnector {
var $dbUser;
var $dbPass;
var $dbHost;
var $database;
var $connector;
function DbConnector($user,$pass,$base) {
$this->dbUser = $user; //default guest account
$this->dbPass = $pass;
$this->database = $base;
$this->connect();
}
function connect() {
//$connector = mysql_connect(localhost,$this->dbUser,$this->dbPass);
$connector = mysql_connect("webdev",$this->dbUser,$this->dbPass);
if(!$connector) {
echo "<h3>DB Connection Error</h3>\n";
print "<p>Error Code 007</p>\n";
echo mysql_error();
exit;
}
else {
mysql_select_db($this->database, $connector);
if(!mysql_select_db($this->database, $connector)) {
print "<h3>Unable To Select Database, You Have No Rights Scumbag!</h3>\n";
print "<p>Error Code: 008</p>\n";
echo mysql_error();
exit;
}
}
}
//skip through
function escape_string($input) {
return mysql_real_escape_string($input,$connector);
}
}
?>