So, I've got some pretty basic code that I can't get to work quite right. I'm using the ezSQL class (http://justinvincent.com/ezsql), but that's working fine. Everything works fine, except when I try to use a sanitize function (get_post). I'm using two other functions, sanitizeString and sanitizeMySQL when I call the function get_post. If I just $_POST the data right to the SQL table, it works fine. It's only when I go thru the post function that it breaks. Here's the posting bit:
if (isset($_POST['username']) &&
isset($_POST['password']))
{
$username = get_post('username');
$password = get_post('password');
$db->query("INSERT INTO users VALUES ('$username', '$password')");
}
Like I said, I'm using a class (that's what the $db->query stuff is about), but that's working perfectly. If I change the code to this:
if (isset($_POST['username']) &&
isset($_POST['password']))
{
$username = $_POST['username'];
$password = $_POST['password'];
$db->query("INSERT INTO users VALUES ('$username', '$password')");
}
it works fine. Here are the three functions I'm using for sanitizing:
// Sanitize Functions
function sanitizeString($var)
{
if (get_magic_quotes_gpc()) $var = stripslashes($var);
$var = htmlentities($var);
$var = strip_tags($var);
return $var;
}
function sanitizeMySQL($var)
{
$var = mysql_real_escape_string($var);
$var = sanitizeString($var);
return $var;
}
function get_post($var)
{
return sanitizeMySQL($_POST['$var']);
}
I've even tried just changing the get_post function to contain a mysql_real_escape_string return, and even that doesn't work. Also, I guess I should clarify what actually happens when I try to use the get_post function. It appears to create a new row in the table, but with completely empty cells. Hope you guys can shed some light on what I'm doing wrong! I'm a pretty experienced front-end developer, but I'm kinda learning the ropes with server-side stuff. Thanks :)
ninjaEdit: I found this question Are these two functions overkill for sanitization? which is definitely helpful in making my sanitize functions better, but it doesn't really help me with why mine aren't working in the first place.