Hi all,
This is my first post to the list. Have been observing for a few weeks and have
learnt a lot.
I am having an issue in one of my scripts where using the
mysql_real_escape_string function is stripping content out of my input data.
All is working well on my local installation, but when the files are
transferred over to the live site I am getting problems.
The sample code I am using to test this is as follows:
if(isset($this->mysql)) {
$query = "update pages set";
$query .= " `title` = '" . mysql_real_escape_string ($title) . "',";
$query .= " `text` = '" . mysql_real_escape_string ($text) . "',";
$query .= " where id = \"$id\"";
}
echo $query;
The $title, $text and $id values are passed in as parameters when I call the
method that runs the update, and if I echo them out at the top of the method
they are all present and correct.
The $mysql class variable is populated with a connection handle when I
instantiate an instance of the class, and the code is finding the connection as
it is building the query. On my local machine the query is built using the
escaped values from the $_POST array, but on the live site the escaped values
for $title and $text are blank.
Any ideas on where to look for config differences? The main thing I've found so
far is that this may happen if no connection is present, but it is. Doing a
var_dump of the connection handle shows that it is the correct handle as well.
Any thoughts?
Many thanks in advance for any help.
Nigel
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
