Re: [PHP] mysql_real_escape_string

Jason Sheets Sun, 03 Aug 2003 19:56:54 -0700

dbc looks like a MySQL Connection Resource, a connection returned from mysql_connect. It looks like this function is using the mysql escape function to make sure the data is properly escaped for that particular database. If you use a function other than mysql_real_escape_string you can remove the $dbc variable.

Jason

Anthony Ritter wrote:

The following function is from Larry Ullman's PHP and mySQL on page 217 -
script 6.8 - in which there is a connection to a mySQL database using PHP.

My question is that I'm not sure of the global variable $dbc.

If I am to understand...this made up function escape_data() will receive a
piece of data - say $_POST['first_name'] - and then check if
magic_quotes_gpc is turned on in the ini file.

If it returned true, then stripslashes will be applied to the data - if it
is not turned on, then slashes will be applied to the data variable.

What is the reason that the global variable $dbc is declared in the
function - I cannot find another instance of $dbc outside of the function in
script 6.8.

Thank you,
Tony Ritter
.....................


function escape_data($data)
{
global $dbc;
if (ini_get('magic_quotes_gpc'))
{
$data=stripslashes($data);
}
return mysql_real_escape_string($data,$dbc);
}
.............................
//check for a first name

if(empty($_POST['first_name']))
{
  $fn=FALSE;
  $message='<p>You forgot to enter you first name</p>';
 }
else
{
 $fn= escape_data($_POST['first_name']);   // calling the function
}
..............

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] mysql_real_escape_string

Reply via email to