Security Issues

 
Post new topic   Reply to topic    Aprelium Forum Index -> Databases
View previous topic :: View next topic  
Author Message
pkSML
-


Joined: 29 May 2006
Posts: 952
Location: Michigan, USA

PostPosted: Sat Sep 08, 2007 3:49 pm    Post subject: Security Issues Reply with quote

I'm making a database for a new website. I'm using some code I grabbed from another site, but it's not working.

The problem is with this function:
Code:
   //Function to sanitize values received from the form. Prevents SQL injection
   function clean($str) {
      if(!get_magic_quotes_gpc()) {
         $str = @trim(mysql_real_escape_string($str));
      }
      else {
         return @trim($str);
      }
   return $str;}


All my form variables run through this function, but it mysql_real_escape_string is returning false. I do have a MySQL connection while this function is being run.

I tried mysql_escape_string and it works perfectly, despite it being a deprecated function.

So, what's wrong with mysql_real_escape_string?

Thanks in advance.
_________________
Stephen
Need a LitlURL?


http://CodeBin.yi.org
Back to top View user's profile Send private message Visit poster's website
pkSML
-


Joined: 29 May 2006
Posts: 952
Location: Michigan, USA

PostPosted: Mon Sep 10, 2007 10:23 pm    Post subject: Reply with quote

Problem solved.

I still believe mysql_real_escape_string() was returning false, but the if statement did not have a return. How dumb!
_________________
Stephen
Need a LitlURL?


http://CodeBin.yi.org
Back to top View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    Aprelium Forum Index -> Databases All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB phpBB Group