if (isset($_GET['text'])) { $text = $_GET['text']; } else { $text = 0; } $text = mysql_real_escape_string($_REQUEST['$text']); echo $text; 

To mysql_real_escape_string data into the database, I decided to use the mysql_real_escape_string function, which escapes special characters, but instead the data began to disappear. To check, I decided to write the code (specified above), if you remove the second line - everything works, with the second line nothing works.
Tell me what I did wrong?

  • one
    Stop immediately using all (begging) snares starting with mysql_ *. Do you really know nothing about PDO, MySqli? By issue: $ _REQUEST ['$ text']. Strange entry. Maybe you meant $ _REQUEST ['text'] or $ _REQUEST [$ text]? Sure the error is here. - Vitaly Kustov

2 answers 2

 $text = mysql_real_escape_string($text); 

You would have read at least something written. Check _GET , _REQUEST (what will happen with the post-request?), Check the 'text' key, use '$text' .

    You refer to ['$ text'], not to ['text']. In general, use PDO , so safer.

    • That man speaks the truth. PDO use. Then (abstractly) we get your govnokod with zero tolerance. @jfk, honor and praise to you)) - Vitaly Kustov