mysql_real_escape_string


cs3mw
03-05-2008, 12:35 PM
Hi all, I'm having a bit of a problem with the function mysql_real_escape_string. Once a variable has been passed through this function, is it possible to pass the value again in a previous page?

An example would be if a variable id is checked and passed and this value is then passed to another page through the URL, is it possible to check the variable again to ensure injection is being prevented? Hope this makes sense!
Any help would be greatly appreciated.

Mike

NogDog
03-05-2008, 07:45 PM
mysql_real_escape_string() should only be used when passing a value to a query. I would not use it on raw data that is to be passed between separate pages, functions, objects, etc., as its only purpose is for escaping characters with special meanings in MySQL, and there is no guarantee that those other entities will be using that data in a query (and if they are, it's their responsibility to sanitize any data they are using from external sources).
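
Added example, not part of either post: a PHP sketch of the receiving page validating `id` from the URL and escaping only where the query is built, compared with escaping before the value goes into the link. `mysql_escape_model()` is a hypothetical stand-in for mysql_real_escape_string() (which needs a live connection), and the `users` table, its columns and the sample values are assumptions.

```php
<?php
// Hypothetical stand-in for mysql_real_escape_string(), which needs a live
// MySQL connection; it applies the same documented escapes so this runs offline.
function mysql_escape_model(string $s): string
{
    return strtr($s, [
        "\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'"  => "\\'",  '"'  => '\\"', "\x1a" => "\\Z",
    ]);
}

// Receiving page: the query string is external input, whatever the sending
// page did to it. Validate the type, then escape once, where the SQL is built.
// The table and column names are assumptions for the example.
function build_query(string $queryString): string
{
    parse_str($queryString, $get);
    $id = filter_var($get['id'] ?? '', FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $name = is_string($get['name'] ?? null) ? $get['name'] : '';
    return sprintf("SELECT * FROM users WHERE id = %d AND name = '%s'",
                   $id, mysql_escape_model($name));
}

$name = "O'Brien";   // constructed sample value
$id   = 42;

// Sending page, escape-early variant: the value is escaped before it goes in the link.
$early = http_build_query(['id' => $id, 'name' => mysql_escape_model($name)]);
// Sending page, raw variant: only URL-encoded for transport.
$raw   = http_build_query(['id' => $id, 'name' => $name]);

echo "escaped early: ", build_query($early), "\n"; // escaped twice, so a backslash ends up in the data
echo "passed raw:    ", build_query($raw), "\n";   // escaped once, at the query

// A link edited by hand (constructed) never went through the sending page at all.
try {
    build_query('id=not-a-number&name=x');
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```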