So I have this snippet of code

<?php
function escapefcn($text){
if (get_magic_quotes_gpc()){
$text=stripslashes($text);
}
return nl2br(mysql_real_escape_string(htmlentities($text)));
}
$id = $_POST['id'];
$name = escapefcn($_POST['name']);
echo $name;
$value = escapefcn($_POST['value']);
echo $value;
print_r($_POST);
//my connector goes here
$sql = "UPDATE vphodata SET varname = '".$name."', varvalue = '".$value."' WHERE id = ".$id;
echo $sql;
//$result = mysql_query($sql) or die("Unable to issue update: ".mysql_error());
echo "It's good.";
?>


For whatever reason, whenever i call my escapefcn, it returns nothing. nada. zip. zilch. it's the one i stole from Nogdog since he posts it here a lot. I added NL2BR since I'll be using it on a textarea. right after call $value and $name are both null, going in, $_POST['name'] and $_POST['value'] are both set correctly. So anyone see why it's setting them to null? or am i just going crazy now?

Try wrapping the entire expression after return in parentheses. (Not sure, but I think I recall having run into unexpected behavior when not doing so.)

Aha: from www.php.net/return :
Note: Note that since return() is a language construct and not a function, the parentheses surrounding its arguments are only required if the argument contains an expression. It is common to leave them out while returning a variable, and you actually should as PHP has less work to do in this case.

nope. no change.

and, not to mention, the first time i did this i said to myself "hey what could go wrong" and i overwrote all the database entries after i put them in after escaping them... did i save them? no. grrr.

And I just realized this from the manual.


Note: A MySQL connection is required before using mysql_real_escape_string() otherwise an error of level E_WARNING is generated, and FALSE is returned. If link_identifier isn't defined, the last MySQL connection is used.


since i called it before the link is made, i get false back. fixed.

nope. no change.

and, not to mention, the first time i did this i said to myself "hey what could go wrong" and i overwrote all the database entries after i put them in after escaping them... did i save them? no. grrr.

And I just realized this from the manual.



since i called it before the link is made, i get false back. fixed.
Oh, yeah, that one caught me before - but I think I was running with error_reporting(E_ALL) so I caught it right away. :)

any changes to error_reporting on my site fail. host overrides it, they have it forced to off.

i really need to get a new host.

does this make a difference:


$return_val = nl2br(mysql_real_escape_string(htmlentities($text)));
return $return_value;

also, if no value is specified, then the function returns null. try to echo the POST variable before calling the function to make sure it's set.

any changes to error_reporting on my site fail. host overrides it, they have it forced to off.

i really need to get a new host.I don't know what you have tried to get around this problem. If you are on Apache try adding the following two lines to .htaccess.php_value display_errors 1
php_value error_reporting 2047

Try moving your "//my connector goes here"

above the call to the function. mysql_real_escape_string won't work without an active DB connection.

Try moving your "//my connector goes here"

above the call to the function. mysql_real_escape_string won't work without an active DB connection.

And I just realized this from the manual.

since i called it before the link is made, i get false back. fixed.

I don't know what you have tried to get around this problem. If you are on Apache try adding the following two lines to .htaccess.php_value display_errors 1
php_value error_reporting 2047

If I remember correctly, I tried that at one point. About 2 days later I got an email from someone at my hosting company saying that with an .htaccess file that modifies execution, they will not support any requests that I make.

just curious, who's your host?

with an .htaccess file that modifies execution, they will not support any requests that I make.This is why I run my own server... No harm in running a test though.