Search code examples
phpmysqlmysql-real-escape-string

PHP query returning true but if statement still being run

I'm having a problem while sending a query and it's driving me a bit insane, here's what I'm talking about:

 $query = "INSERT INTO combined(v_products_model, v_products_image, v_products_description_1, v_products_name_1, v_products_quantity, v_tax_class_title, v_status, EOREOR) " .
            "VALUES ('$fileName', '$fileName', '$description', '$description', '10', '--none--', 'Active', 'EOREOR')";
    mysql_real_escape_string($fileName);
    mysql_real_escape_string($description);
    $queryResult = mysql_query($query, $connect);
//  die(var_dump($queryResult));

if (!$queryResult) {
    die("Error with query: line 40 <br>
                 Query: $query <br>
                 Error: " . mysql_error());
}

For some reason the if statement always runs, I've tried putting $queryResult == false as the argument as well but it's the same result.

I know $queryResult is not false because I ran a die() statement on it and it returned '1', I also ran var_dump and it returned 'boolean true'.

mysql_error() never returns any result. If anyone could tell me why the block is running I'd appreciate it.

Here's what is actually printed, and by the way it's not escaping the query either:

Error with query: line 40 
Query: INSERT INTO combined(v_products_model, v_products_image, v_products_description_1, v_products_name_1, v_products_quantity, v_tax_class_title, v_status, EOREOR) VALUES ('ts_aiw_wereall.jpg', 'ts_aiw_wereall.jpg', 'ALICE IN WONDERLAND we're a sk PUR TS S', 'ALICE IN WONDERLAND we're a sk PUR TS S', '10', '--none--', 'Active', 'EOREOR') 
Error:
Solution

  • From your generated query:

    'ALICE IN WONDERLAND we're a sk PUR TS S'
                       ^--- unescaped quote

    Since you're doing mysql_real_escape_string() AFTER you generate the query string, you're NOT escaping the text going into the query, and your query is failing. PHP will not magically reach back in time and rejigger your $query = ... line to reflect the values of the escape call.

    That doesn't explain why the error message is not being displayed. About all I can think o is that you've got multiple connections open to MySQL, and are executing the query on the $connect connection, which is NOT the default connection (e.g. last one created), so the mysql_error() is returning error results from some OTHER connection which has no errors.

    Try mysql_error($connect) and see if you get any error messages.