11-22-2010, 02:10 AM
im updating some php files that have the old mysql_escape_string function to the newer mysql_real_escape_string function and for some reason when i change it, it gives me a no database connection error, but yet its fine with the old function name, thats wierd the db connection is there why would it matter if i change the function name to the newer one.. i guess im alittle lost on this one.. thanks
11-22-2010, 02:46 AM
sorry about that..
$userid = clean($_GET['id']);
and clean is
but when i change it to mysql_real_escape_string i get an db error..
also in a normal line of code i have several of these
$name = mysql_escape_string($name);
and when i change it to
$name = mysql_real_escape_string($name);
i also get a db connect error..
11-22-2010, 03:06 AM
Are you sure that you have connected to the DB before you use the escape function? If I recall correctly, mysql_escape_string worked whether a connection was active or not, whereas real_escape requires that the DB connection be active first. I could be wrong, but I seem to vaguely recall something along those lines from wayback on here.
11-22-2010, 03:10 AM
ahhhhhhhhhh ill look into that, might be just the thing, those sneaky guys new function and new rules lol too funny... thanks
11-22-2010, 07:42 PM
That is likely your issue. MySQL_escape_string was simply a fancy addslashes for mysql. It was PHP created. Real_escape_string on the other hand uses the native MySQL functions to correct this issue.
If you are in the works of updating, I suggest looking into the usage of either MySQLi classes or PDO for your connectivity. These both provide you with the awesome prepared statements syntax which virtually eliminates the use of real_escape_string functions.