SitePoint Sponsor

User Tag List

Results 1 to 7 of 7
  1. #1
    SitePoint Enthusiast
    Join Date
    Sep 2009
    Posts
    73
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    mysql_real_escape_string not working

    I'm trying to use mysql_real_escape_string to make some user input safe for insertion into a MySQL table. However, I am getting an error when I do it.

    I've tried it two different ways, and received two different errors. Here's the first...

    PHP Code:
    $conn DBManager::getConn(); 
    $username mysql_real_escape_string($in_username); 
    Note that the first line definitely successfully opens a connection. Here is the errors I get when I try this..

    Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\wamp\www\awesome\awesome\includes\usermgr.php on line 187

    Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\wamp\www\awesome\awesome\includes\usermgr.php on line 187
    Here is the second way I tried it..

    PHP Code:
    $conn DBManager::getConn();
    $username $conn->mysql_real_escape_string($in_username); 
    This generates the following error..

    Fatal error: Call to undefined method mysqli::mysql_real_escape_string() in C:\wamp\www\awesome\awesome\includes\usermgr.php on line 187
    Can anyone tell me what I'm doing wrong?

  2. #2
    SitePoint Enthusiast
    Join Date
    Sep 2009
    Posts
    73
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I figured I'd include the DBManager class in case maybe it has something to do with the way I'm connecting to the DB. I've tested this class and the getConn() method and it definitely gets a connection. I was able to connect and run queries on the database. Anyway, here's the code...

    PHP Code:
    class DBManager
    {
        private static 
    $s_conn;
        
        public static function 
    getConn()
        {
            if (
    DBManager::$s_conn === NULL)
            {
                
    $conn = @new mysqli(DB_HOSTDB_USERDB_PASSDB_DBASE);
                if (
    mysqli_connect_errno() !== 0)
                {
                    
    $msg mysqli_connect_error();
                    throw new 
    DatabaseErrorException($msg);
                }
                
                @
    $conn->query('SET NAMES \'utf8\'');
                
    DBManager::$s_conn $conn;
            }
            
            return 
    DBManager::$s_conn;
        }


  3. #3
    Twitter: @AnthonySterling silver trophy AnthonySterling's Avatar
    Join Date
    Apr 2008
    Location
    North-East, UK.
    Posts
    6,111
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
    $username $conn->real_escape_string($in_username); 
    @AnthonySterling: I'm a PHP developer, a consultant for oopnorth.com and the organiser of @phpne, a PHP User Group covering the North-East of England.

  4. #4
    SitePoint Enthusiast
    Join Date
    Sep 2009
    Posts
    73
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by AnthonySterling View Post
    PHP Code:
    $username $conn->real_escape_string($in_username); 
    Awesome. Thanks, that worked. So what is mysql_real_escape_string about? I got that straight of a PHP security book.

  5. #5
    Non-Member
    Join Date
    Oct 2009
    Posts
    1,852
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    it is not really about security. it is about SQL syntax.
    There are some special characters that must be escaped with backslash to make syntax of query correct.
    So, mysql_real_escape_string does the thing

  6. #6
    SitePoint Enthusiast
    Join Date
    Sep 2009
    Posts
    73
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Shrapnel_N5 View Post
    it is not really about security. it is about SQL syntax.
    There are some special characters that must be escaped with backslash to make syntax of query correct.
    So, mysql_real_escape_string does the thing
    I guess what I was really asking is what's the difference between mysql_real_escape_string and real_escape_string and why is only real_escape_string working for me? Is mysql_real_escape_string from an older MySQL extension or something?

  7. #7
    Non-Member
    Join Date
    Oct 2009
    Posts
    1,852
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    yes. from other mysql extension


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •