Posted by bill on 12/24/06 12:39

Tim Van Wassenhove wrote:
> bill schreef:
>> from: http://us3.php.net/mysql_real_escape_string
>>
>> // Quote variable to make safe
>> function quote_smart($value)
>> {
>> // Stripslashes
>> if (get_magic_quotes_gpc()) {
>> $value = stripslashes($value);
>> }
>> // Quote if not a number or a numeric string
>> if (!is_numeric($value)) {
>> $value = "'" . mysql_real_escape_string($value) . "'";
>> }
>> return $value;
>> }
>>
>> However when I pass it a null string it returns just a single double
>> quote.
>> It would be easy to fix, but I don't understand why it does this.
>
> All mysql_real_escape_string does is replace characters... Since php
> will replace NULL with an empty string, the mysql_real_escape_string
> returns an empty string.. .So value becomes the concatenation of ',
> empty string and '.
>
> I think your confusion comes from the fact that $value = "NULL" and
> $value = null both mean different things.... And on top of that in a SQL
> query "NULL" and NULL mean different things too....
>
>
>
Actually, my eyes were failing. I read '' as ". It was working
fine.

bill

• Next in forum: Re: regular expression
• Prev in forum: Re: how to hide PHP from browser?
• Thread view: Re: quote smart fails with null string

[Reply to this message]