my_real_escape_string problem

{
// Stripslashes
if (get_magic_quot es_gpc()) {
$value = stripslashes($v alue);
But when I replace the quote_smart function with the normal addslashes
function, it works. (my default magic_quotes_gp c = off)

when magic_quotes_gp c = off, what is the difference between
addslashes($var ) and my_real_escape_ string($var).
>
I use a function from php manual like this:
>
function quote_smart($va lue)
{
// Stripslashes
if (get_magic_quot es_gpc()) {
$value = stripslashes($v alue);
}
// Quote if not integer
if (!is_numeric($v alue)) {
$value = " ' " . mysql_real_esca pe_string($valu e) . " ' ";
}
return $value;
}
>
>
I use it with a select query like this: "select * from table where id
= ".quote_smart($ _GET["id"]) and it doesn't work (no result returned).
But when I replace the quote_smart function with the normal addslashes
function, it works. (my default magic_quotes_gp c = off)
>

function quote_smart($va lue)
{
// Stripslashes
if (get_magic_quot es_gpc()) {
$value = stripslashes($v alue);
}
// Quote if not integer
if (!is_numeric($v alue)) {
$value = " ' " . mysql_real_esca pe_string($valu e) . " ' ";
}
return $value;
}

mun wrote:>
Code defensively...
>
function quote_smart ($value)
{
if (is_numeric($va lue))
return $value;
>
if (get_magic_quot es_gpc())
$value = stripslashes($v alue);
>
if (function_exist s('mysql_real_e scape_string'))
return mysql_real_esca pe_string($valu e);
>
trigger_error(" mysql_real_esca pe_string function does not exist!");
return addslashes($val ue);
>
}
>
Does that work OK? Try it a few times. Now check your PHP error log and
see if a surprise message awaits!
>
--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~http://tobyinkster.co.uk/contact
Geek of ~ HTML/SQL/Perl/PHP/Python*/Apache/Linux
>
* = I'm getting there!