Custom function not acting like mysql_real_escape_string ?

Posted: Sat Aug 30, 2008 3:25 pm
by Cut
Here is my function:

Code:

function safesql($val) {
 mysql_real_escape_string($val);
 return $val;
}
 
I used it to escape the content entered into a textarea. However, when I used an apostrophe, the SQL query failed. I changed safesql($mystring) to mysql_real_escape_string($mystring) and it worked. Huh?

For reference, what I'm doing is:

Code:

 foreach($form as $key => $value) {
  if($value != $cf[$key]) {
   $q = "UPDATE config SET value='".safesql($value)."' WHERE name='".safesql($key)."'";
   if (!mysql_query($q)) {
    error("Error while updating config values.");
   }
   else {
    $message .= "<p>Option \"".$key."\" updated.</p>";
   }
  }
 }
 

Re: Custom function not acting like mysql_real_escape_string ?

Posted: Sat Aug 30, 2008 4:09 pm
by Christopher
http://us.php.net/manual/en/function.my ... string.php

Code:

function safesql($val) {
 return mysql_real_escape_string($val);
}

Which means your function just adds an extra function call.
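
Added example, not part of either post above: the discarded-return-value bug next to the corrected wrapper and a bound-parameter query. It assumes PDO with an in-memory SQLite database and PDO::quote() as stand-ins for the thread's MySQL link and mysql_real_escape_string(); the names safesql_discarded and safesql_returned and the sample row are hypothetical.

```php
<?php
// Assumption: in-memory SQLite via PDO replaces the thread's MySQL connection
// so the script runs offline. Table contents are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE config (name TEXT PRIMARY KEY, value TEXT)");
$db->exec("INSERT INTO config VALUES ('motto', 'old')");

// Same shape as the original safesql(): the escaped copy is thrown away.
function safesql_discarded(PDO $db, string $val): string {
    $db->quote($val);   // returns a NEW string; $val is not modified in place
    return $val;        // so the raw, unescaped input goes back to the caller
}

// Same shape as the reply's version: hand back what the escaper produced.
function safesql_returned(PDO $db, string $val): string {
    return $db->quote($val);   // unlike mysql_real_escape_string(), quote() adds the outer quotes too
}

function current_value(PDO $db): string {
    return $db->query("SELECT value FROM config WHERE name='motto'")->fetchColumn();
}

$input = "it's here";   // constructed input containing an apostrophe

// 1. Discarded result: the apostrophe closes the string literal early and the
//    statement no longer parses, which is the failure described in the question.
try {
    $db->exec("UPDATE config SET value='" . safesql_discarded($db, $input) . "' WHERE name='motto'");
    echo "discarded: query ran\n";
} catch (PDOException $e) {
    echo "discarded: query failed, value still '" . current_value($db) . "'\n";
}

// 2. Returned result: the escaped string is what reaches the query text.
$db->exec("UPDATE config SET value=" . safesql_returned($db, $input) . " WHERE name='motto'");
echo "returned:  value is now '" . current_value($db) . "'\n";

// 3. Bound parameters: the value never becomes part of the SQL text, so there
//    is no escaping step whose return value could be dropped.
$stmt = $db->prepare("UPDATE config SET value = :v WHERE name = :n");
$stmt->execute([':v' => "bound: " . $input, ':n' => 'motto']);
echo "prepared:  value is now '" . current_value($db) . "'\n";
```

The same mistake passes silently whenever the input happens to contain no quote characters, so a wrapper like this needs a test case with an apostrophe in it.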