Protecting against SQL injections

Hello

I’m a newbie at PHP and would really appreciate assistance with my problem:-

I have designed a simple form where data is inputted and then inserted into a MySQL table. However, I have created this program to sanitise this data before it is inserted.

The program is:-

```php
function protect($string){
    $string = mysql_real_escape_string($string);
    $string = strip_tags($string);
    $string = addslashes($string);

}
```

and then the protect function is called in this way:-

```php
$username = protect($_POST['username']);
$password = protect($_POST['password']);

print $username;
```

However, when I do a print $username, I don’t see anything. Also, when I remove the protect() and $username becomes $_POST['username'], then I can see the output from the print $username. I do know that the protect function isn’t working because the rest of the program isn’t executed.

What sort of output should I be seeing from the protect function?

Any assistance would be really appreciated.

Thx!:slight_smile:

You are missing the return statement as the last statement in the function…

```php
function fun_name()
{
    // ... body of the function ...

    return $string;
}
```

You’re making a common mistake using that function.

Why do you need to use mysql_real_escape_string() and addslashes in the same function on the same string? - I’m interested because they both basically do pretty much the same thing. You don’t seem to understand that and because of this you’ve basically just thrown them into the same function and hoped for the best.

strip_tags… well, it’s for output to an HTML page really (e.g. to prevent people inserting redirecting JavaScript into your guestbook, for instance). I suppose you could use it prior to DB insertion so that you don’t need to use it when pulling stuff back out, but it’s not ideal.
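As an added illustration of the two points above (the missing return, and why escaping the same string twice is harmful), here is example code that is not from the thread: the asker’s function with a return, a twice-escaped variant to compare, and a PDO prepared statement that makes the escaping unnecessary. The table and column names, DSN and credentials are assumed placeholders, and addslashes() stands in for mysql_real_escape_string() because no database connection is open here.

```php
<?php
// Added example (not from the thread): the asker's protect() with the
// missing return added, a twice-escaped variant showing how stacked
// escaping corrupts stored data, and a prepared-statement insert that
// needs no escaping at all. Table/column names, DSN and credentials are
// assumed placeholders.

// The thread's approach, now returning a value. A live MySQL connection is
// not available here, so addslashes() stands in for mysql_real_escape_string()
// (which needs an open connection and was removed in PHP 7).
function protect_escaped_once(string $string): string
{
    $string = strip_tags($string);
    $string = addslashes($string);   // one round of quote escaping
    return $string;                  // the statement the original lacked
}

// What the thread's function actually does: escapes the same string twice,
// so the backslashes added by the first round are escaped again by the second.
function protect_escaped_twice(string $string): string
{
    $string = addslashes($string);   // stands in for mysql_real_escape_string()
    $string = strip_tags($string);
    $string = addslashes($string);   // second round doubles the backslashes
    return $string;
}

// Hardened form: a prepared statement sends the values separately from the
// SQL text, so nothing needs escaping for the query. The password is stored
// as a password_hash() digest rather than as the submitted text.
function insert_user(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare(
        'INSERT INTO users (username, password) VALUES (:username, :password)'
    );
    return $stmt->execute([
        ':username' => $username,
        ':password' => password_hash($password, PASSWORD_DEFAULT),
    ]);
}

// Constructed sample input containing a quote and an HTML tag.
$input = "O'Brien <b>bold</b>";
echo protect_escaped_once($input), PHP_EOL;
echo protect_escaped_twice($input), PHP_EOL;

// Assumed connection details; real prepares avoid client-side emulation.
// $pdo = new PDO('mysql:host=localhost;dbname=example', 'user', 'secret',
//     [PDO::ATTR_EMULATE_PREPARES => false,
//      PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// insert_user($pdo, $_POST['username'], $_POST['password']);
```

With the constructed input, one round of escaping yields O\'Brien bold, which MySQL stores as O'Brien bold; two rounds yield O\\\'Brien bold, which MySQL stores as O\'Brien bold, so the stray backslash ends up in the table. Use strip_tags() or htmlspecialchars() when rendering the value into a page, not on the way into the database.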

Thanks a lot. It worked!

Also another quick question, when you run your php program and you don’t see an output(meanwhile you have previously checked the code for syntax errors), where is that error output stored? Is it put into a particular file and if so, what is the name of the file? If that isn’t the case, do you know if it would be possible for me to port the output of the file into an error file so I can read why the program isn’t delivering an output?

Not really. The only logs are from the webserver typically. PHP doesn’t really log anything.

If a variable isn’t output for whatever reason, there could be any number of reasons - PHP just does as it’s told and checks for syntax errors. As long as the syntax is OK, then it just runs the code. It doesn’t know that your instructions might be wrong, etc.

That’s why you must learn to debug :wink:

I’ll have to focus on the debugging and logic behind the code.

Thanks!

:slight_smile: