In ecommerce1, shouldn't we be using escape_data() instead of mysqli_real_escape_string() when checking forms anyway?
Do we not want to be trimming the data off form fields like escape_data() does or at least adding trim to all the checks of the form fields in say register.php?
Or if there is a reason we don't want to trim data off a particualr field, can we not add an else clause to escape_data() that matches the fields we dont want trimmed then returns an untrimmed version of the data? then that way making use of escape_data() in the application
Regards,
Rob