Custom function not acting like mysql_real_escape_string ?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Cut
Forum Commoner
Posts: 39
Joined: Sat Aug 23, 2008 8:01 pm

Custom function not acting like mysql_real_escape_string ?

Post by Cut »

Here is my function:

Code: Select all

 
function safesql($val) {
 mysql_real_escape_string($val);
 return $val;
}
 
I used it to escape the content entered into a textarea. However, when I used an apostrophe, the sql query fails. I changed safesql($mystring) to mysql_real_escape_string($mystring) and it worked. Huh?

For reference, what I'm doing is:

Code: Select all

 
 foreach($form as $key => $value) {
  if($value != $cf[$key]) {
   $q = "UPDATE config SET value='".safesql($value)."' WHERE name='".safesql($key)."'";
   if (!mysql_query($q)) {
    error("Error while updating config values.");
   }
   else {
    $message .= "<p>Option \"".$key."\" updated.</p>";
   }
  }
 }
 
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Custom function not acting like mysql_real_escape_string ?

Post by Christopher »

http://us.php.net/manual/en/function.my ... string.php

Code: Select all

 
function safesql($val) {
 return mysql_real_escape_string($val);
}
Which means your function just adds an extra function call.
(#10850)
Post Reply