1

i simply pass 3 values to the URL and while testing i was trying to echo them back to the screen but it will only echo each value once even though i have set it to echo at various points. once i escape the value it wont let me echo it. Why is this?

<?php
    session_start();
    if (isset($_SESSION['SESSION_C']) && ($_SESSION['SESSION_C']==true))
    {
        $getyear = $_GET["Year"];
        echo $getyear; (IT WILL ECHO AT THIS POINT)
        $getyear = mysql_real_escape_string($getyear);
        echo $getyear; (BUT WONT ECHO HERE)

        $getsite = $_GET["Site"];
        echo $getsite;
        $getsite = mysql_real_escape_string($getsite);
        echo $getsite;
        $getsite = str_replace(' ', '', $getsite);
        echo $getsite;

        $getdoc =  $_GET["Doc"];
        echo $getdoc;
        $getdoc = mysql_real_escape_string($getdoc);
        echo $getdoc;
    }   
    else 
    {
        echo "sessionerror";
    }
?>
Kam
  • 15
  • 3
  • You shouldn't be using the deprecated PHPs mysql_* extension, instead mysqli_* or PDO should be used, for security and maintainability. More here: http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php – pilsetnieks Apr 25 '13 at 23:15

1 Answers1

4

mysql_real_escape_string() requires a open connection to mysql. Otherwise it will return false. I guess var_dump($getdoc); will give you boolean(false).

You'll have to call mysql_connect() before that code.

hek2mgl
  • 152,036
  • 28
  • 249
  • 266
  • you are welcome! note that you should not use mysql_* functions for new code. They are deprecated. Use PDO or mysqli_* instead. I prefer PDO – hek2mgl Apr 25 '13 at 22:44