Stack Overflow
Stack Overflow

Questions tagged [mysql-real-escape-string]

A PHP function that escapes special characters in a string for use in an SQL statement. This function has been deprecated and should not be used in new code.

mysql_real_escape_string is a PHP function which is used to escape special characters in SQL string literals, aiming to produce a correct string literal that can be safely used in an SQL statement, without the danger of breaking the query, causing an error or injection.

This should be used for string literals only.

This function is already deprecated, along with the rest of the mysql extension.

The mysql extension has been replaced by the mysqli extension and the PDO library. Both of these have their own escaping functions, but they also both support prepared statements (mysqli, PDO), which should be used instead of manual escaping.

Related tag

375 questions
0
votes
1 answer

how do you programmatically tell whether a mysql connection is present?

I get this error when I run mysql_real_escape_string($value). Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to MySQL server on 'localhost' (10061) in ... I wrapped up the functionality in a nice class like…
Average Joe
  • 4,521
  • 9
  • 53
  • 81
-1
votes
2 answers

mysql_real_escape_string removes the &-char

I have a link: http://www.adress.com/Article.aspx?ID=262839&R=R1 After using mysql_real_escape_string on it, it changes to http://www.adress.com/Article.aspx?ID=262839 So it removes everything from the &-char: "&R=R1". Why? And how can I fix…
Thomas
  • 33
  • 4
-1
votes
1 answer

mysql_real_escape_string is not placing escape characters

Correct my if I'm wrong, but I thought mysql_real_escape_string was supposed to place escape characters in front of character like (') and ("). The simple setup that I am using is below. I was expecting to see the new record created with…
John R
  • 2,920
  • 13
  • 48
  • 62
-1
votes
2 answers

mysql_real_escape_string() function not working in wordpress WP_Query?

We have tried this way. But it is not working. please any one tell alternative method in wordpress $wpdb->query("UPDATE ".$wpdb->prefix."recommend_bets SET `title`='".mysqli_real_escape_string($title)."',`category`='".$catID."',....
Arun Kumar
  • 1,607
  • 1
  • 18
  • 33
-1
votes
2 answers

Mysql real escape string not working for textarea apostrophe on insert getting syntax error

Whenever I'm trying to insert data that has an apostrophe in it, I receive a mysql syntax error Example text in textarea : I'm an alien will throw a syntax error when I try to insert in the database. I'm using real_escape_string and still is not…
Sebastian Farham
  • 815
  • 2
  • 13
  • 27
-1
votes
2 answers

Why mysql_real_escape_string not working in this code?

Why mysql_real_escape_string not working in this code ? Normally, when load page input will be look like this. http://image.free.in.th/v/2013/ie/160812064246.jpg But When you load page www.example.com/test.php?value_1="> Why input look like…
peat wedty
  • 55
  • 1
  • 5
-1
votes
2 answers

mysql_real_escape_string is not working in cakephp

mysql_real_escape_string is not working in cakephp . I am getting error like below . mysql_real_escape_string(): Access denied for user 'root'@'localhost' (using password: NO) [APP/Controller/add.php, line 123] database connection:
svwsvw svwsvw
  • 29
  • 2
  • 8
-1
votes
1 answer

MySqli Real Escape Not Working

I've been using a script to upload articles to my website and done a bit of maintainance and now when I add an article on the server it's adding slashes to my text. Here is the code that I'm using: $con =…
user3177012
  • 663
  • 2
  • 8
  • 19
-1
votes
1 answer

MySQL IFNULL() with multiple tables still isn't working

I know I already asked this question here but haven't had a good answer so I try it again and this time I hope I can give enough information for you guys. Before I ask my question I'll show you how I created (the usefull part of) my database: CREATE…
MichaelDeBoey
  • 2,335
  • 1
  • 19
  • 19
-1
votes
2 answers

Escaping backslashed doublequote combined with a doublequote? (ie. \"")

I have the following code: "; mysql_query( "insert into db (code) values…
ArboledaJF
  • 23
  • 3
-1
votes
1 answer

Escape string in codeigniter

Is there any function in codeigniter similar to mysql_real_escape_string() I have tried $this->db->escape() but no luck below code works $surname = mysql_real_escape_string($request['3']); // O'relley-max but other CI method not working any…
Rakesh Sharma
  • 13,680
  • 5
  • 37
  • 44
-1
votes
1 answer

how to add mysql_real_escape_string() in this code

$id = $_GET['id']; $getfile = $db->query('select * from file where id = '.$id, database::GET_ROW); $folq = $db->query("select id as pid,folder,name as catname,name,thumb,pathc from category where id = ".$parentid, database::GET_ROW); when i used…
user3286153
  • 1
-1
votes
2 answers

mysqli_real_eascape_string gives error

I have a problem with mysql real escape string.
Merijndk
  • 1,674
  • 3
  • 18
  • 35
-1
votes
1 answer

add mysql_real_escape_string() after str_replace()

How to add mysql_real_escape_string() after str_replace()? $s='+'.str_replace(' ',' +',rawurldecode($_GET['search'])); $sql = ' SELECT * from table where match (keywords) AGAINST ('".mysql_real_escape_string($s)."' IN BOOLEAN MODE) order by…
yuli chika
  • 9,053
  • 20
  • 75
  • 122
-1
votes
3 answers

Error when using `mysqli::escape_string`

Im just using mysqli::escape_string to prevent errors from " ` "'s and this error appears: How can I fix this? Thanks! ----------------------------------------------------------EDIT----------------------------------------------------------- I…
mn6vdv23g
  • 734
  • 2
  • 10
  • 33
1 2 3
24 25