2

I am runing PHP Version 5.4.44 on my website and try to us mysql_real_escape_string but it does not give me any thing .mysql_real_escape_string works just fine in localhost on my computer.Example Code

 <?php
    echo 'What is Your Name='.mysql_real_escape_string("my name is ");
    ?>

It output

What is Your Name=

Saty
  • 22,443
  • 7
  • 33
  • 51
Usman Mustafa
  • 77
  • 1
  • 8

2 Answers2

2

mysql_real_escape_string

mysql_real_escape_string — Escapes special characters in a string for use in an SQL statement

This function must always (with few exceptions) be used to make data safe before sending a query to MySQL.

So you need to create a databsae connection before use of mysql_real_escape_string

$link = mysql_connect('mysql_host', 'mysql_user', 'mysql_password')
    OR die(mysql_error());

   echo 'What is Your Name='.mysql_real_escape_string("my name is ");

Output

What is Your Name=my name is

Updated

As per our discussion you are using mysqli so you are mixing mysql and mysqli in your code

mysqli_real_escape_string($con,("my name is 'kk/'");//pass first parameter your database connection
Saty
  • 22,443
  • 7
  • 33
  • 51
  • Not Working @Saty include("define.php"); $con=mysqli_connect(DB_SERVER,DB_USER,DB_PASS,DB_NAME); if (mysqli_connect_errno()){ echo "Failed to connect to MySQL: " . mysqli_connect_error(); } else{ echo ' What is Your Name='.mysql_real_escape_string("my name is 'kk/'"); } – Usman Mustafa Oct 30 '15 at 06:43
  • mixing mysql and mysqli in your code. both are different. Either use mysql or mysqli – Saty Oct 30 '15 at 06:44
  • i am use mysqli for connect and try mysql_real_escape_string and mysqli_real_escape_string both not work @Saty – Usman Mustafa Oct 30 '15 at 06:46
  • `mysqli_real_escape_string($con,("my name is 'kk/'");` pass first parameter your $con variable – Saty Oct 30 '15 at 06:47
  • `echo 'What is Your Name='.mysql_real_escape_string("my name is ");` - this line makes no sense. – zerkms Oct 30 '15 at 06:48
  • its just a example use of my problem @zerkms – Usman Mustafa Oct 30 '15 at 06:49
  • Have you pass first parameter as your database connection and checked – Saty Oct 30 '15 at 06:51
  • Have you tried with `mysqli_real_escape_string($con,("my name is 'kk/'");` – Saty Oct 30 '15 at 06:54
  • it work i am just forget to use $con in my mysqli_real_escape_string because mysql_real_escape_string works with out $con.thanks you Very much @Saty – Usman Mustafa Oct 30 '15 at 06:55
0

Is your database connection successful? Do you see any errors or warnings?

If its working fine on the localhost, check the connection string used to connect to the server.

Also, the function mysql_real_escape_string deprecated in PHP 5.5.0. You might want to look at mysqli_real_escape_string.

sql_handle
  • 139
  • 5