OK, thanks. I think you guys are right. It's just safer and simpler than writing my function and probably not really slower either. need a db connection anyway. Read a bit on the function and yeah, a bit of screwed up binary data might yet cause funny errors although the xml is a feed from a trusted source. You guys are great! Faster with answers than i can search. Almost feel tempted not to search.... Nah i still search first. :-) Tim-Hinnerk Heuer http://www.ihostnz.com Emo Philips - "I was the kid next door's imaginary friend." 2009/2/22 Robert Cummings <robert@xxxxxxxxxxxxx> > On Sat, 2009-02-21 at 19:19 +1300, Tim | iHostNZ wrote: > > Hi everyone, > > > > Can anyone here tell me why mysql_real_escape_string("asdasddas") returns > an > > empty string? > > > > Just writing a data import... > > > > Anyway, for security but also simply because i might have a ' in the > string, > > i need to escape it. Apparently it is good practice to use > > mysql_real_escape_string() but it simply doesn't work at all on this > > machine. I thought it's a rather standard function. > > > > Is it maybe my Apache server setup? But i thought the function wouldn't > > exist then and throw an error in the php script, but it runs through > fine. > > > > Please help, we need this data import by next week hence i'm working > now... > > > > I can send you details of the server setup if required. Please let me > know > > what as there are quite a few things... It's xampp on windows xp > > (testing/dev machine). > > RTFM: > > Note: A MySQL connection is required before using > mysql_real_escape_string() otherwise an error of level > E_WARNING is generated, and FALSE is returned. If > link_identifier isn't defined, the last MySQL connection > is used. > > And turn your error reporting on or check your logs. > > Cheers, > Rob. > -- > http://www.interjinn.com > Application and Templating Framework for PHP > >