Custom function not acting like mysql_real_escape_string ?
Posted: Sat Aug 30, 2008 3:25 pm
Here is my function:
I used it to escape the content entered into a textarea. However, when I used an apostrophe, the sql query fails. I changed safesql($mystring) to mysql_real_escape_string($mystring) and it worked. Huh?
For reference, what I'm doing is:
Code: Select all
function safesql($val) {
mysql_real_escape_string($val);
return $val;
}
For reference, what I'm doing is:
Code: Select all
foreach($form as $key => $value) {
if($value != $cf[$key]) {
$q = "UPDATE config SET value='".safesql($value)."' WHERE name='".safesql($key)."'";
if (!mysql_query($q)) {
error("Error while updating config values.");
}
else {
$message .= "<p>Option \"".$key."\" updated.</p>";
}
}
}