I need help debugging php

[Raunkus2]

In these few php lines, the first and the last lines are executed without any problem, but the middle two lines are ignored as if they are not even there.  Any suggestions?

Code:

echo "<script type='text/javascript'>alert('Web Site Under Test -- line 440');</script>";

$tempstr = addslashes($where_sql);
echo "<script type='text/javascript'>alert('$where_sql -- '".$where_sql."');</script>";

echo "<script type='text/javascript'>alert('Web Site Under Test -- line 445');</script>";
						

[goivvy]

put

ini_set('display_errors', 1);

at the top and run it again - do you any errors?

is $where_sql initialized?

[Bitsky]

Code:

echo "<script type='text/javascript'>alert('Web Site Under Test -- line 440');</script>";

$tempstr = addslashes($where_sql);
echo "<script type='text/javascript'>alert('$where_sql -- ".$where_sql."');</script>";

echo "<script type='text/javascript'>alert('Web Site Under Test -- line 445');</script>";

[maybach1980]

Brisky had fixed it for u, but i would like to suggest also : addslashes use it only on POST & GET variables, do not use it with full query
for example
$mypost = addslashes($_GET['id']);
$sql = "SELCET * FROM `tables` WHERE `id`='.$mypost';";

[Bitsky]

Brisky had fixed it for u, but i would like to suggest also : addslashes use it only on POST & GET variables, do not use it with full query
for example
$mypost = addslashes($_GET['id']);
$sql = "SELCET * FROM `tables` WHERE `id`='.$mypost';";

It's 2017. Stop building queries like that, use prepared statements and forget all those crutches to avoid injections.

[maybach1980]

im not the one who is using???

[Bitsky]

im not the one who is using???

I'm talking about your example. It's bad practice and should be deprecated.
Building queries like that is the reason why injections exist and are so common.
addslashes shouldn't exist in PHP, nor should it's replacement mysqli_real_escape_string because it promotes bad code.

[cryptocoinplay]

I don't know php really, just came here to learn something form you guys!!!

[maybach1980]

im not the one who is using???

I'm talking about your example. It's bad practice and should be deprecated.
Building queries like that is the reason why injections exist and are so common.
addslashes shouldn't exist in PHP, nor should it's replacement mysqli_real_escape_string because it promotes bad code.

of-course is not safe...its been years i do not see it getting used. i didn't said it is or using it. just gave a suggestion to the OP so he wont get error...