Questions tagged [mysql-real-escape-string]

A PHP function that escapes special characters in a string for use in an SQL statement. This function has been deprecated and should not be used in new code.

mysql_real_escape_string is a PHP function which is used to escape special characters in SQL string literals, aiming to produce a correct string literal that can be safely used in an SQL statement, without the danger of breaking the query, causing an error or injection.

This should be used for string literals only.

This function is already deprecated, along with the rest of the mysql extension.

The mysql extension has been replaced by the mysqli extension and the PDO library. Both of these have their own escaping functions, but they also both support prepared statements (mysqli, PDO), which should be used instead of manual escaping.

375 questions
-1
votes
1 answer

mysql syntax error: mysql not allowing certain characters to be processed

I am one step away from reading from a file and writing the data to a table in my database. Everything works correctly except when writing to the table in my database. This is the error message I get: could not load. You have an error in your SQL…
-1
votes
2 answers

get_magic_quotes_gpc() and mysql_real_escape_string - security

I am practicing PHP and I am puzzled while interpreting a function to escape dangerous SQL characters. I want to know how it works, especially the $value in the second if. It's quite puzzling for me to understand the actual flow of the function. function…
user2591221
-1
votes
2 answers

Automating insertion of mysql_real_escape_string

DISCLAIMER: I UNDERSTAND THE FUNCTIONS ARE ON TOP OF THE TO-DO-DEPRECATION LIST. ALL WARNINGS ARE JUST PREACHING TO THE CHOIR. Anyway. I have found myself in the employment of a company using the mysql_* functions. That isn't bad enough apparently…
Nick
-1
votes
1 answer

Do I need to unescape the Encrypted String after using mysql_real_escape_string on it?

In PHP, I have an action.php page, I have a string which is stored into a variable $myString = "Foo Bar"; I'm encrypting this string using AES256 with the following function: function aes256Encrypt($key, $data) { if(32 !== strlen($key)) $key =…
Rafik Bari
-1
votes
3 answers

how to escape characters from external source to insert into database?

insert.php is behind htaccess/passwd It is grabbing data from an external source and then converting this into variables for insertion to database. I am getting a mysql error that I believe is being caused by the existence of left and right…
user1063287
-1
votes
1 answer

PHP mysql_real_escape_string or alternative with PDO

I'm trying to migrate a lot of old PHP mysql procedural functions like mysql_query, mysql_real_escape_string etc. into PDO with minimum effort. I don't want to rewrite every old DB function. The reason is that it's rather an old application and I'm…
koubic
-2
votes
3 answers

My function vs Mysql_real_escape_string

I have sessions that for the website and this is how I use them: $username = CleanMe($_SESSION["username"]); $password = CleanMe($_SESSION["password"]); //return clean values $_SESSION["username"] = $username; $_SESSION["password"]…
AAA
-2
votes
2 answers

"mysql_real_escape_string" error DESPITE connecting to database..what am I doing wrong?

Ok, this is driving me crazy. My PHP version is 5.2.17, MySQL version is 5.1.59 My javascript(jquery)is : $(document).ready(function(){$.post("file.php",{"dropTable":tableName}, function(data){});}); which is an ajax call on page load My…
-2
votes
2 answers

mysql_real_escape_string in PHP CLI

I have a script that I want to cron schedule. It's all fine and dandy when I tested in the browser, working as it should, but when run from php cli (php cron.php), mysql_real_escape_string loses the value given. Any idea why? UPDATED with code and a…
exentric
-2
votes
1 answer

How to show the original character like \n \t in mysql in a select statement

When I run a select statement from a mysql database, characters like \n \t will be escaped. Is there a way to see these original characters in mysql? What I want to see is something like "java.lang.Exception: Container released on a lost node\r\n\tat"
Bargitta
-2
votes
7 answers

mysql_real_escape more than once

I was just wondering whether it makes a difference if I mysql_real_escape data more than once? So if I escaped data in one part of my website, and then again in another part of code. Would this be a problem? Or make a difference?
Aran
-2
votes
2 answers

How to make safe login script

I am trying to make a login script safe to stop hacking of my website. I am trying to use mysql_real_escape_string in my script. Can anyone guide me if I am wrong in this? Here is my code …
-2
votes
1 answer

(PHP/MYSQL) mysql_real_escape_string not working

Recently, I've been having a problem with INSERT INTO not working properly when inserting certain strings. I discovered that the cause was the string contained apostrophes which were messing with my code. To solve this, I've been trying to use…
MNOPYZ
-2
votes
1 answer

mysql_real_escape_string() leaves slashes to my image tag when re submitting page

$a = mysql_real_escape_string(strip_list_words($a)); $query = "update r set answer='{$a}' WHERE id = '{$id}'"; When the page gets "saved" (re-submitted) the frame that the "answer" (image) is display goes from: img…
Michael
-2
votes
2 answers

mysql_real_escape_string($text) is not working on live server

I am using this mysql command to remove extra characters from a string. The command is below: mysql_real_escape_string($text); The above command is working completely on the local server but it is not working on the live server, it gives an error like "mysql…