Questions tagged [mysql-real-escape-string]

A PHP function that escapes special characters in a string for use in an SQL statement. This function has been deprecated and should not be used in new code.

mysql_real_escape_string is a PHP function which is used to escape special characters in SQL string literals, aiming to produce a correct string literal that can be safely used in an SQL statement, without the danger of breaking the query, causing an error or injection.

This should be used for string literals only.

This function is already deprecated, along with the rest of the mysql extension.

The mysql extension has been replaced by the mysqli extension and the PDO library. Both of these have their own escaping functions, but they also both support prepared statements (mysqli, PDO), which should be used instead of manual escaping.

375 questions
-2
votes
3 answers

mysql_real_escape_string() [function.mysql-real-escape-string] is preventing server connection

Can someone explain why I am getting this error when I am setting up a new website, and how to solve it? Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in…
codefun
-2
votes
5 answers

mysql_real_escape_string Not Working with '

I have a form processed with PHP. It contains a field for Notes about the client job. The problem is that if there is a ' within the notes - such as it's, O'Reilly, that's etc, it escapes the string in the database, so I have all of the notes up…
-2
votes
1 answer

Error on mysql_real_escape_string()

That is the part of my code: if(!isset($_GET['username']) || !isset($_GET['sessionid'])) { $returning = array('error' => 'Invalid query'); echo json_encode($returning); break; } echo $_GET['username']; $z =…
TN888
-2
votes
1 answer

SQL equivalent of mysqli_real_escape_string

What is the equivalent of the below in SQL? PHP function for MySQL: mysqli_real_escape_string($POST['password']);
-2
votes
3 answers

How can people use this security hole?

I have a browser game. There is a message send form. I didn't apply the real escape string function to the "message_content" variable. Is there any option by which the user could make, after the insert of the message, any update? I mean that the user could…
-2
votes
1 answer

Do I sanitize/escape correctly?

I've made a simple search-script in PHP that searches a MySQL database and outputs the result. How this works is like this: User searches for "jack's" through a search-form. My PHP-script GETs this search, and sanitizes it. Then the script, with…
AnonymousJ
-2
votes
1 answer

PHP escape string madness

The PHP manual and user feedback within all leave me feeling confused. I'm trying to fix someone else's code where he resorted to converting all form data to ASCII codes and back. This was done as a crude way of escaping everything but is hard to…
chris
-2
votes
1 answer

Newsletter Subscription Dies With No Errors

I am having a problem with a newsletter subscription I am writing. The problem is I don't seem to be getting any errors or in fact anything at all when someone clicks submit, all that happens is they are presented with a blank white page and nothing…
Iain Simpson
-3
votes
3 answers

How to update a field in the database?

My code is not working, maybe because of the where statement. Please help me with what is wrong with this line of code. query: mysql_query("UPDATE tblceas_vote SET fldpassword= $three WHERE fldstudno =$login");
user2852776
-3
votes
2 answers

What's the use of mysqli_real_escape_string in case of ' / ' and ' \ ' and ' ' '?

What's the use of mysqli_real_escape_string if the user inputs / \ ' in the input field? Are they really harmful? And if they are, what's the harm they do?
-3
votes
2 answers

What is the equivalent of mysql_real_escape_string for the Pawn language?

I need the regex code for Pawn. I need a code which I can use with preg_replace, too. Also, what I use is worse... So, my code is: $text = preg_replace('/([\\\\\|\'|"])/', '\\\$1', $text); Is this right? This code would replace the in PHP…
Patrick
-4
votes
2 answers

I need to secure this PHP code from SQL injection attacks

Possible Duplicate: Best way to stop SQL Injection in PHP I need to secure this code from SQL injection attacks, possibly using mysql_real_escape_string. Where and how do I apply it?
user977101
-4
votes
4 answers

mysqli_real_escape_string() expects parameter 1 to be mysqli, null given in

.../general.php on line 10 Hello, this is my error, but it only occurs when I upload my website to a host; on localhost it runs well. The (return mysqli_real_esc..) line is the "line 10". $conncet = mysqli_connect('xxx','xxx','xxx','xxx'); function…
Jeff
-6
votes
2 answers

PHP function() Error, what's the newer Function() of this

I used that query in PHP but it does not work: mysql_real_escape_string(); so what should I do? Is that from a previous version of PHP? Please give me a solution with a newer function. Without your answer my project is pending.
-7
votes
1 answer

Call to a member function real_escape_string() on a non-object

The error is: Undefined variable: mysqli in /var/www/index.php on line 24 Fatal error: Call to a member function real_escape_string() on a non-object in /var/www/index.php on line 24 connect.php