Incorrect use of the mysql_real_escape_string function

Hi everyone

if (isset($_GET['text'])) {
    $text = $_GET['text'];
} else {
    $text = 0; 
}
$text = mysql_real_escape_string($_REQUEST['$text']);
echo $text;

To enter the data into the database, I decided to use the mysql_real_escape_stringfunction, which escapes special characters, but instead the data began to disappear. To check, I decided to write the code (indicated above), if you remove the second line – everything works, with the second line – nothing works.
Tell me what I did wrong?


Answer 1, authority 100%

$text = mysql_real_escape_string($text);

You should read at least what you wrote. Check _GET, use _REQUEST(what happens with post-request?), Check key 'text', use '$text'.


Answer 2, authority 100%

You are referring to [‘$text’], not [‘text’].
In general, use PDO, it’s more reliable.

Leave a reply

Please enter your comment!
Please enter your name here