PHP Development
 
#1  November 4th, 2009, 06:18 PM
behnampmdg3
$_POST echos wrong value

Hello;
I use this form to clean the form inputs and it works fine:
PHP Code:
// Recursively escape a value (or every element of an array) for use in a MySQL query.
function escape_string($data)
{
    if (is_array($data)) {
        $ret = array();
        foreach ($data as $key => $value) {
            $ret[$key] = escape_string($value);
        }
        return $ret;
    } else {
        if (!is_numeric($data)) {
            // Undo magic quotes first so the value is not escaped twice.
            if (get_magic_quotes_gpc()) {
                $data = stripslashes($data);
            }
            // Needs an open MySQL connection.
            $data = mysql_real_escape_string($data);
            echo $test = "Values so far:" . $data;
        }
        return $data;
    }
}
// call clean function
$clean_data = escape_string($_POST);

This part prints:
Values so far:\'\'\'
Which is correct. The magic quotes are off and the code does what it's supposed to do; adding slashes.

Now when I write the query later like this:
PHP Code:
echo $q = "SELECT * FROM customers WHERE emailaddress = '" . $_POST['email'] . "'";

This prints:
SELECT * FROM customers WHERE emailaddress = '''''

What happened to the backslashes?????????????????

#2  November 4th, 2009, 07:47 PM
E-Oreo
$_POST isn't passed as a reference to escape_string and you never assign the return value of escape_string back into $_POST (which is good practice anyway so you shouldn't change that). Your query should be using $clean_data instead of $_POST['email'].
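
The point made in the reply above, as an added example that is not code from the thread: a function that takes `$_POST` by value escapes only the copy it returns, so a query built from `$_POST['email']` still carries the raw quotes. The name `escape_copy`, the sample `$_POST` values and the in-memory SQLite table are assumptions, and `addslashes` stands in for `mysql_real_escape_string` only so the example runs without a MySQL connection. The last part goes beyond the thread and binds the raw value as a parameter, which removes the escaping step altogether.

```php
<?php
// Constructed sample input standing in for a submitted form (not from the thread).
$_POST = array('email' => "'''", 'age' => '42');

// Hypothetical stand-in for the thread's escape_string(). addslashes() is used
// only to make the effect visible offline; it is not a substitute for the
// database driver's own escaping.
function escape_copy($data)
{
    if (is_array($data)) {
        return array_map('escape_copy', $data); // keys are preserved
    }
    return is_numeric($data) ? $data : addslashes($data);
}

// $_POST is passed by value, so only the returned copy is escaped.
$clean_data = escape_copy($_POST);

$from_post  = "SELECT * FROM customers WHERE emailaddress = '" . $_POST['email'] . "'";
$from_clean = "SELECT * FROM customers WHERE emailaddress = '" . $clean_data['email'] . "'";

echo "built from \$_POST:      ", $from_post, "\n";  // raw quotes reach the SQL text
echo "built from \$clean_data: ", $from_clean, "\n"; // escaped copy reaches the SQL text

// Beyond the thread: with a bound parameter the raw value never becomes part
// of the SQL text, so no manual escaping (and no second variable) is needed.
$pdo = new PDO('sqlite::memory:'); // assumes the pdo_sqlite extension is loaded
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE customers (emailaddress TEXT)");
$pdo->exec("INSERT INTO customers VALUES ('alice@example.com')"); // constructed row

$stmt = $pdo->prepare("SELECT * FROM customers WHERE emailaddress = ?");
$stmt->execute(array($_POST['email']));
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

echo "rows matched by bound parameter: ", count($rows), "\n";
```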

#3  November 4th, 2009, 08:12 PM
behnampmdg3
Quote:
Originally Posted by E-Oreo
Your query should be using $clean_data instead of $_POST['email'].


Thanks, looks good
