mysql_real_escape_string() connection question

PHP
1

Hi,

I’m using MySQL/PHP in the uploading textual content section of a Content Management System. It works fine except I need to make it possible to upload textual content with apostrophes. I tried using the mysql_real_escape_string() function but I just get the following error message:
Warning: mysql_real_escape_string(): Can’t connect to local MySQL server through socket ‘/var/lib/mysql/mysql.sock’ (2) in /hsphere/local/home/jimbo/jimbo.org/admin.php on line 13 Warning: mysql_real_escape_string(): A link to the server could not be established in /hsphere/local/home/jimbo/jimbo.org/admin.php on line 13

Here is the code, what should I change?

if ($post) {
	$db = new Database(DB_CONF, $log);
		$result = $db->execute('UPDATE static_content
			SET content = "' . mysql_real_escape_string($_POST['jimbonewtext']) . '"
			WHERE name = "' . $post['keyid'] . '"
			AND menu_name = "' . $post['pageid'] . '";');
		
		if (!$result) {
			$message = 'Submission failed...';
		} else {
			$message = 'Submission successful...';
		}
	}
	
	$get = $req->getGet();
	
	if (!isset($get['keyid'])) {
		$key = 'default';
	} else {
		$key = $get['keyid'];
	}

Many, many, many thanks,

Leao

2

Doesn’t your Database class provide a method for that?

3

mysql_real_escape_string() will only work if you already have a database connection.

That’s the limit of my debugging skills for mysql_* because of this. Worth a serious look imho.

4

If you use PDO or mysqli then you don’t need to escape anything in your SQL commands.