Hi all,
This is my first post to the list. Have been observing for a few weeks and have learnt a lot.
I am having an issue in one of my scripts where using the mysql_real_escape_string function is stripping content out of my input data. All is working well on my local installation, but when the files are transferred over to the live site I am getting problems.
The sample code I am using to test this is as follows:
if(isset($this->mysql)) {
$query = "update pages set";
$query .= " `title` = '" . mysql_real_escape_string ($title) . "',";
$query .= " `text` = '" . mysql_real_escape_string ($text) . "',";
$query .= " where id = \"$id\"";
}
echo $query;
The $title, $text and $id values are passed in as parameters when I call the method that runs the update, and if I echo them out at the top of the method they are all present and correct.
The $mysql class variable is populated with a connection handle when I instantiate an instance of the class, and the code is finding the connection as it is building the query. On my local machine the query is built using the escaped values from the $_POST array, but on the live site the escaped values for $title and $text are blank.
Any ideas on where to look for config differences? The main thing I've found so far is that this may happen if no connection is present, but it is. Doing a var_dump of the connection handle shows that it is the correct handle as well.
Any thoughts?
Many thanks in advance for any help.
Nigel
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
