Problem with mysqli_real_escape_string

Specky · December 11, 2015, 3:39pm

I’m trying to use mysqli_real_escape_string in some code to add values into a MySQL table, but for some reason anything wrapped in mysqli_real_escape_string isn’t entered into the table at all (other data is fine and the query works). I was trying to figure why. I heard that a “magic quotes” setting on the hosting server might be the reason but wanted to know what else might be possibly causing this.

This is an example of data being taken from the input form and added to the DB:

[PHP]
$address = mysqli_real_escape_string(@$_POST[‘_Address’]);
[/PHP]

If I take it out, it works fine- like this:

[PHP]
$address = @$_POST[‘_Address’];
[/PHP]

However I want to use some sort of function to check the data as a security measure. Is there an equivalent function I can use instead?

Otherwise I will try and get hold of the server hosts and see if they can enable this.

Specky · December 11, 2015, 4:08pm

Well, I got it to work like this:

[PHP]
$address = $mysqli->real_escape_string($_POST['_Address]);
[/PHP]

Seems to do the job…

Gandalf · December 11, 2015, 4:14pm

The POST array is $_POST

felgall · December 11, 2015, 7:58pm

Why are you trying to do that?

You should be using prepare and bind statements for your database calls and then escaping the data is completely unnecessary and just breaks the data.

system · March 12, 2016, 3:05am

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
mysqli_real_escape_string PHP	23	5151	November 10, 2014
mysql_real_escape_string() problem PHP	7	2168	October 8, 2014
Using mysqli_real_escape_string() PHP	4	1065	April 10, 2015
mysql_real_escape_string(); Is Not Working PHP	3	507	June 25, 2011
Is mysql_real_escape_string enough? PHP	2	828	July 22, 2011

Problem with mysqli_real_escape_string

Related topics