Hi all,

This is my first post to the list. Have been observing for a few weeks and have 
learnt a lot.

I am having an issue in one of my scripts where using the 
mysql_real_escape_string function is stripping content out of my input data. 
All is working well on my local installation, but when the files are 
transferred over to the live site I am getting problems.

The sample code I am using to test this is as follows:

if(isset($this->mysql)) {
    $query = "update pages set";
    $query .= " `title` = '" . mysql_real_escape_string ($title) . "',";
    $query .= " `text` = '" . mysql_real_escape_string ($text) . "',";
    $query .= " where id = \"$id\"";
echo $query;

The $title, $text and $id values are passed in as parameters when I call the 
method that runs the update, and if I echo them out at the top of the method 
they are all present and correct.

The $mysql class variable is populated with a connection handle when I 
instantiate an instance of the class, and the code is finding the connection as 
it is building the query. On my local machine the query is built using the 
escaped values from the $_POST array, but on the live site the escaped values 
for $title and $text are blank.

Any ideas on where to look for config differences? The main thing I've found so 
far is that this may happen if no connection is present, but it is. Doing a 
var_dump of the connection handle shows that it is the correct handle as well.

Any thoughts?

Many thanks in advance for any help.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to