php - mysqli_real_escape_string and stripslashes returning blank variables -
i using following code clean variables returned forms. swapped on mysql mysqli result function below stripping variables being blank.
//start session session_start(); //include database connection details require_once('config.php'); //array store validation errors $errmsg_arr = array(); //validation error flag $errflag = false; //connect mysql server $link = mysqli_connect(db_host, db_user, db_password); if(!$link) { die('failed connect server: ' . mysqli_error()); } //select database $db = mysqli_select_db($link,db_database); if(!$db) { die("unable select database"); } //function sanitize values received form. prevents sql injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysqli_real_escape_string($link,$str); } //sanitize post values $login = clean($_post['login']); $password = clean($_post['password']); //input validations if($login == '') { $errmsg_arr[] = 'login id missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'password missing'; $errflag = true; } //if there input validations, redirect login form if($errflag) { $_session['errmsg_arr'] = $errmsg_arr; session_write_close(); header("location: login-form.php"); exit(); } so every time type in valid username , password redirects me login page saying both fields in fact blank. moment remove 'clean' function around post values starts working again.
i'm new mysqli can't see i'm doing wrong. can help?
thanks
you shouldn't show db info.
try do:
mysql_real_escape_string
Comments
Post a Comment