Difference Between trim() and mysql_real_escape_string() ?

Question

samsons17 -4 Posting Whiz in Training

14 Years Ago

I just wanna ask whats the difference between trim() and mysql_real_escape_string() functions?

because i see this code below :

$username = trim(mysql_prep($_POST['username']));
$password = trim(mysql_prep($_POST['password']));

and myql_prep is a function being made thats contain this :

function mysql_prep( $value ) {
		$magic_quotes_active = get_magic_quotes_gpc();
		$new_enough_php = function_exists( "mysql_real_escape_string" ); // i.e. PHP >= v4.3.0
		if( $new_enough_php ) { // PHP v4.3.0 or higher
			// undo any magic quote effects so mysql_real_escape_string can do the work
			if( $magic_quotes_active ) { $value = stripslashes( $value ); }
			$value = mysql_real_escape_string( $value );
		} else { // before PHP v4.3.0
			// if magic quotes aren't already on then add slashes manually
			if( !$magic_quotes_active ) { $value = addslashes( $value ); }
			// if magic quotes are active, then the slashes already exist
		}
		return $value;
	}

I hope somebody could explain this to me..

Thank You :)

mysql php

5 Contributors
10 Replies
3K Views
1 Day Discussion Span
Latest Post 14 Years Ago Latest Post by samsons17

json101 0 Light Poster

14 Years Ago

trim (PHP 4, PHP 5)
trim — Strip whitespace (or other characters) from the beginning and end of a string

While inserting data from web forms to databases, trim the posted values to remove the spaces from the left and right sides.

mysql_real_escape_string (PHP 4 >= 4.3.0, PHP 5)
mysql_real_escape_string — Escapes special characters in a string for use in a SQL statement

// Query database to check if there are any matching users
$query = "SELECT * FROM users WHERE user='{$_POST['username']}' AND password='{$_POST['password']}'";
mysql_query($query);

// We didn't check $_POST['password'], it could be anything the user wanted! For example:
$_POST['username'] = 'aidan';
$_POST['password'] = "' OR ''='";

// This means the query sent to MySQL would be:
echo $query;

// RESULT: 
SELECT * FROM users WHERE user='aidan' AND password='' OR ''='' 
This could allow anyone to log in without a valid password.

pssubash 0 Light Poster

14 Years Ago

usually trim() is used to remove white spaces from beginning and end of string.and we can also specify the charecterlist which has to be stripped.
But mysql_real_escape_string() escape special charecters in a string.
This is used to avoid sql injection

rajarajan2017

14 Years Ago

Trim function is very useful to remove the whitespaces. for example if you want to check a value which is stored in the database like "Raja"

In php we difined the value as " Raja" or by mistake a user typed in the textbox as "Raja ". Then when you check with a condition

if ($usertyped==$datafromdatabase) it returns false, but it seems to the user correct
if (" Raja"=="Raja") return false;
if (trim(" Raja")=="Raja") return true;

Hope you understand the function of trim.

Edited 14 Years Ago by rajarajan2017 because: n/a

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

rajarajan2017 · Answer 1 · 2010-06-03T10:48:54+00:00

TRIM:

http://php.net/manual/en/function.trim.php

mysql_real_escape_string()

http://php.net/manual/en/function.mysql-real-escape-string.php

Hope you get the more clarity from these links.

samsons17 -4 Posting Whiz in Training · Answer 2 · 2010-06-03T12:12:26+00:00

but why is that sometimes we use the trim() and sometimes not??

i think if i'm not using the trim() function,the code will still runs correctly right?
(correct me if i'm wrong)

json101 0 Light Poster · Answer 3 · 2010-06-03T12:21:27+00:00

Trim trims whitespaces;
So you have a form with a textbox asking for the firstname.
I type [[/B] Json [B]] with my two spaces on either side your trim function removes those whitespaces.

I haven't ever used trim - didn't see the need to.

samsons17 -4 Posting Whiz in Training · Answer 4 · 2010-06-03T12:25:01+00:00

owh..so i was correct right?

using the trim or not the code will still works...
seems that the trim() function is useless..huh..

json101 0 Light Poster · Answer 5 · 2010-06-03T12:31:53+00:00

no not useless,
you can use it if you feel that you'll have strange people using your forms.

vaibhav1983 1 Junior Poster · Answer 6 · 2010-06-03T13:02:31+00:00

trim() is used to remove spaces before and after a string.

mysql_escape_string() is used to escape special characters in strings.

Suppose I use
$b=" Vaibhav ";
$a=trim($b);
echo $a; //This will give me "Vaibhav"

Asking this question I assume you must not be aware of sql injection attacks.
mysql_escape_string() helps against that.

Here are some useful link to learn about sql injection attacks.
http://en.wikipedia.org/wiki/SQL_injection
http://technet.microsoft.com/en-us/library/ms161953.aspx

samsons17 -4 Posting Whiz in Training · Answer 7 · 2010-06-03T13:24:09+00:00

owh okay.
I now have fully understanding on this.

Thank You all :)