I am trying to use quoteSmart to safely format my input; however, it always comes back as empty when I am using quoteSmart, leading me to assume that I am doing something wrong or not calling it in the right way?
$user= new DataObjects_user;
$password=mysql_escape_string(($password));
DB_DataObject::debugLevel(5);
$username=$_REQUEST['username'];
$password=encryptpass($_REQUEST['password']);
$user->query("select activated,userid,email,username from {$user->__table} where (username = ".$user->quoteSmart($username)." or email=".$user->quoteSmart($username).") AND password =".$user->quoteSmart($password)." ");
if($user->fetch())
{ //more code here
Thanks
Please try to understand how to use DB_DataObjects correctly. You are not supposed to write your own SQL with them.
If you only want to send your own SQL, use PDO instead.
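The PDO route suggested in the answer above, as an added example that is not part of the original thread: the same username-or-email lookup written with a prepared statement, so the values are bound as parameters instead of being quoted into the SQL string. The in-memory SQLite database, the table name `user`, the sample row, the `login()` helper, and the use of `password_hash()`/`password_verify()` in place of the poster's `encryptpass()` are all assumptions made for illustration.

```php
<?php
// Added example: in-memory SQLite stands in for the real database.
// Table name "user" and the sample row are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);

$pdo->exec('CREATE TABLE user (
    userid INTEGER PRIMARY KEY, username TEXT UNIQUE, email TEXT UNIQUE,
    password TEXT, activated INTEGER)');
$ins = $pdo->prepare('INSERT INTO user (username, email, password, activated)
                      VALUES (?, ?, ?, 1)');
$ins->execute(['alice', 'alice@example.test',
               password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Look up a user by username or e-mail and check the password.
 * Returns the row (without the hash) on success, null otherwise.
 */
function login(PDO $pdo, string $login, string $password): ?array
{
    // Values travel as bound parameters, never as SQL text, so no quoting
    // helper is needed. Two placeholders are used because some drivers
    // reject a named placeholder that appears twice in one statement.
    $stmt = $pdo->prepare(
        'SELECT activated, userid, email, username, password
           FROM user
          WHERE username = :name OR email = :mail');
    $stmt->execute([':name' => $login, ':mail' => $login]);
    $row = $stmt->fetch();

    // The stored hash is checked in PHP instead of in the WHERE clause.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    unset($row['password']); // do not hand the hash back to the caller
    return $row;
}

// Constructed inputs: a valid login, a wrong password, and input that
// contains quote characters, which is treated purely as data.
var_dump(login($pdo, 'alice', 'correct horse') !== null);
var_dump(login($pdo, 'alice@example.test', 'wrong') !== null);
var_dump(login($pdo, "x' OR '1'='1", "x' OR '1'='1") !== null);
```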